“Overwhelmingly, federal employees who telework have a positive sentiment about teleworking”, according to a recent survey. Another survey found teleworkers enjoy having flexible work hours and fewer distractions and not having to commute.
Hackers like teleworking too.
Cybersecurity experts have noticed an increasing number of attacks against teleworking and online collaboration solutions and more phishing attempts that use the subject of Coronavirus or COVID-19 as a lure. This jump in threat activity makes following cybersecurity policy and guidance while working remotely even more important than it was before.
If you follow the cybersecurity guidance for defending yourself at home in last week’s article, you should be well-protected. This article amplifies some of the key points made during week 2 and introduces other secure teleworking steps from the National Security Agency, DHS, and DoD.
Protect your router. If you install a router on your home network, ensure it has a firewall. Follow your router’s instructions for disabling remote administration so changes can only be made by someone on your home network.
Keep it current. Using the latest operating system version on your personal computing devices is important because the most recent one will contain security features not found in older versions. Many of these features are enabled by default and help prevent common exploits.
For Navy computers connected to the network through a Virtual Private Network (VPN), apply the most recent software patches remotely by following the instructions in paragraph 7.c.(5)(b) of NAVADMIN 123/20, EFFECTIVE USE OF REMOTE WORK OPTIONS UPDATE.
Shut it down. Limit your vulnerability to intrusions by turning off your wireless access point/router and other computing devices (including printers) when they are not being used.
Trim down. Every application on your personal computing device is a potential target. The more programs you remove, the more secure your device becomes.
Keep devices apart. Prevent possible transmission of malware between your cell phone and personal computer by charging your phone with an adapter instead of connecting it to your computer.
Don’t connect unauthorized devices. Like at work, do not connect storage devices, such as thumb drives and external hard drives to Navy-issued computers. Do not connect any personally owned device that prints, including multi-function devices, to Navy computers. External monitors may be connected to Navy computers if they do not use a USB connection or have any storage capacity. You may also connect a personal keyboard or mouse.
Remove your CAC or lock your computer. Always remove your CAC when you step away from your computer – just as you would if you were at work.
Don’t mix business and pleasure. Do not use personal email for Navy business or forward email from a Navy account to a personal account.
Protect sensitive information. Encrypt emails containing sensitive information that should be protected from unauthorized access, including Controlled Unclassified Information, Personally Identifiable Information, and Protected Health Information. Do not store this type of information on your personal computing devices. For Outlook Web Access users, Transport Layer Security (TLS) 1.2 must be enabled to support encryption. Instructions for enabling TLS 1.2 are available at https://www.homeport.navy.mil/support/articles/ie-enable-tls/.
Guard against shoulder-surfing and eavesdropping. If possible, arrange your home workspace to prevent others from seeing your computer screen or overhearing your work conversations. Disconnect digital assistants when they are not being used. Limit conversations near baby monitors, toys that record audio, and digital assistants. Turn off webcams, microphones and video conference applications when they are not being used.
The Navy is counting on you to keep cybersecurity top-of-mind as you telework so we can remain secure during this time of heightened activity by our adversaries.
Do your part to defend the Navy in cyberspace.
Republished from Navy Live Blog, the Official Blog of the U.S. Navy: http://navylive.dodlive.mil/.