As government employees move to remote work, pressure on agencies’ network infrastructure and security defenses is increasing. Hackers are poised to take advantage of an increasing attack surface as workers connect from possibly unsecured devices with unfamiliar tools.
To keep virtual work discussions private and secure, the National Institute of Standards and Technology has issued advice, most of which is likely to already be specified (if not always heeded) in an organization's existing policies.
"Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop," wrote Jeff Greene, director of NIST's National Cybersecurity Center of Excellence. "Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively -- and not the genesis of a data breach or other embarrassing and costly security or privacy incident."
Limiting reuse of access codes for phone meetings along with one-time PINs and multifactor authentication can help ensure that only authorized users are on more sensitive calls. For virtual or web meetings, waiting rooms and dashboards can help monitor attendees and keep track of unnamed or generic visitors. They can also help an organization keep track of who is (and isn't) supposed to be connected.
Not every work meeting will require the use of every step. Greene encouraged organizations to use different protocols for low-, medium- and high-risk calls, and NIST developed an easy-to-use graphic to help workers determine when to use what option. More sensitive work may require tactics like distributing PINs at the last minute, identifying all attendees and then locking the meeting and ensuring that all attendees are connecting from approved devices.
NIST’s telework cybersecurity guidance is collected here.
Read more at: GCN