Federal agencies say teleworking is here to stay, and they’re adjusting their cybersecurity strategies accordingly.
For many federal agencies, teleworking presents a unique cybersecurity challenge: suddenly thousands of employees are using home Wi-Fi networks and personal devices to work, and sometimes view classified information, potentially opening up their department’s network up to cyber criminals and nation-state actors.
Zero trust architecture and constant monitoring of all network nodes are important, but a mindset shift is key, said senior officials from NIST, the Air Force and the Department of State at a FedInsider webinar last week.
Jeff Greene, director for the National Cybersecurity Center of Excellence at NIST, said even a simple phone call while working from home should be thought of as a “data transfer” requiring zero trust authentication.
“You may need to apply more security to have that kind of chat when you're not within the confines of a secure government building,” he said. “Stopping and thinking and getting people to build that pause in is going to be hard. There is a mindset shift when you can't just walk down the hall and talk with someone.”
Read more at: Government CIO