Telework Security Resources

Send your suggestions for more resources to add to karen at scarfonecybersecurity dot com

For Enterprises

 

Organizations needing help with the security of their telework technologies--remote access servers, VPN solutions, telework client device security, user training, etc.--may benefit from using these resources.

​

Technologies

• Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions from NIST (Karen Scarfone, Jeffrey Greene, and Murugiah Souppaya)

• SP 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security from NIST (Murugiah Souppaya and Karen Scarfone)

• SP 800-113, Guide to SSL VPNs from NIST (Sheila Frankel, Paul Hoffman, Angela Orebaugh, and Richard Park) -- note: the latest information on TLS (formerly SSL) usage is at SP 800-52 Revision 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations from NIST (Kerry McKay and David Cooper)

• SP 800-77 Revision 1 (Draft), Guide to IPsec VPNs from NIST (Elaine Barker, Quynh Dang, Sheila Frankel, Karen Scarfone, and Paul Wouters)

• Moving to the Unclassified: How the Intelligence Community Can Work from Unclassified Facilities from RAND Corporation (Cortney Weinbaum, Arthur Chan, Karlyn Stanley, and Abby Schendt) [This has lots of helpful information on establishing telework that most organizations, not just intelligence agencies, would find helpful]

​

Training and Awareness

• SANS Security Awareness Work-from-Home Deployment Kit from the SANS Institute

• When Working from Home, Practice Good Cyber-Hygiene from TAG Cyber (Joseph DeMarco)

​

Policies

• Secure Remote Work Policy Template by LetoSecurity

For End Users

 

Here are telework resources for people who are trying to be mindful of security while teleworking.

​

• Crowdsourced - Work From Home Security Guide (in plain english...) from Gabriel Friedlander

• Special Publication 800-114 Revision 1, User's Guide to Telework and Bring Your Own Device (BYOD) Security from NIST (Murugiah Souppaya and Karen Scarfone)

• CIS Controls Telework and Small Office Network Security Guide from the Center for Internet Security (Joshua Franklin, Editor) and 5 Network Security Remedies for Telework

• Coronavirus: Scammers follow the headlines from FTC (Colleen Tressler)

• Preventing Eavesdropping and Protecting Privacy on Virtual Meetings from NIST (Jeff Greene)

• Tips for Securing Conference Calls from NIST

​

Also, here's a great resource for people who are new to telework and looking to get acclimated: Suddenly working from home? We've done it for 22 years--and have advice from Ars Technica