Telework Cybersecurity

Today, many employees choose to telework (also known as 'telecommuting'). Teleworking is the ability of an organization’s employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization’s facilities. While an important work option at this time, it also brings some cybersecurity risks to organizations that can be understood and managed.

To help with this, NIST offers the following resources--primarily NIST Special Publications (SP):

• Telework:
  • For Organizations: 
    • ITL Bulletin: Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions;
    • Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2).
  • For Telworkers:
    • Telework Security Basics (blog post) and Telework Security Overview and Tip Guide (graphic);
    • Preventing Eavesdropping and Protecting Privacy on Virtual Meetings (blog post) and Tips for Securing Conference Calls (graphic);
    • User's Guide to Telework and Bring Your Own Device (BYOD) Security​​ (SP 800-114 Rev. 1).

For related content, see:

• ​Mobile Device Security:
  • Mobile Device Security: Cloud and Hybrid Builds (SP 1800-4)​;
  • Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) (Draft SP 1800-21);
  • Guidelines for Managing the Security of Mobile Devices in the Enterprise (SP 800-124 Rev. 1);
    • ​Draft SP 800-124 Revision 2 (March 2020) is now available for comment through June 26, 2020  (added 3/24/20).
• Security Configurations and Checklists:
  • ​National Checklist Program Repository;

• TLS:
  • Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (SP 800-52 Rev. 2).