Telework Security Resources
Send your suggestions for more resources to add to karen at scarfonecybersecurity dot com
For Enterprises
Organizations needing help with the security of their telework technologies--remote access servers, VPN solutions, telework client device security, user training, etc.--may benefit from using these resources.
Technologies
-
Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions from NIST (Karen Scarfone, Jeffrey Greene, and Murugiah Souppaya)
-
SP 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security from NIST (Murugiah Souppaya and Karen Scarfone)
-
SP 800-113, Guide to SSL VPNs from NIST (Sheila Frankel, Paul Hoffman, Angela Orebaugh, and Richard Park) -- note: the latest information on TLS (formerly SSL) usage is at SP 800-52 Revision 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations from NIST (Kerry McKay and David Cooper)
-
SP 800-77 Revision 1 (Draft), Guide to IPsec VPNs from NIST (Elaine Barker, Quynh Dang, Sheila Frankel, Karen Scarfone, and Paul Wouters)
-
Moving to the Unclassified: How the Intelligence Community Can Work from Unclassified Facilities from RAND Corporation (Cortney Weinbaum, Arthur Chan, Karlyn Stanley, and Abby Schendt) [This has lots of helpful information on establishing telework that most organizations, not just intelligence agencies, would find helpful]
Training and Awareness
-
SANS Security Awareness Work-from-Home Deployment Kit from the SANS Institute
-
When Working from Home, Practice Good Cyber-Hygiene from TAG Cyber (Joseph DeMarco)
Policies
-
Secure Remote Work Policy Template by LetoSecurity
For End Users
Here are telework resources for people who are trying to be mindful of security while teleworking.
-
Crowdsourced - Work From Home Security Guide (in plain english...) from Gabriel Friedlander
-
Special Publication 800-114 Revision 1, User's Guide to Telework and Bring Your Own Device (BYOD) Security from NIST (Murugiah Souppaya and Karen Scarfone)
-
CIS Controls Telework and Small Office Network Security Guide from the Center for Internet Security (Joshua Franklin, Editor) and 5 Network Security Remedies for Telework
-
Coronavirus: Scammers follow the headlines from FTC (Colleen Tressler)
-
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings from NIST (Jeff Greene)
-
Tips for Securing Conference Calls from NIST
Also, here's a great resource for people who are new to telework and looking to get acclimated: Suddenly working from home? We've done it for 22 years--and have advice from Ars Technica