With Federal government agencies approaching the three-year anniversary of the turn to widespread telework in March 2020, a senior official at the Government Accountability Office (GAO) explained this week that cyber hygiene measures for the remote workforce remain as important as ever in securing an expanded attack surface.
“How you secure an agency’s network, perimeter defenses, and firewalls – while all of us are at work in the building – looks and shapes a lot differently than the protections we can offer if all of us are geographically dispersed wherever we are in our homes,” said Jennifer Franks, director for Information Technology and Cybersecurity at GAO, on Feb. 7 at the Nextgov Workforce Summit.
When the COVID-19 pandemic descended, Franks explained, Federal agencies had to identify the tools and technologies that would allow remote employees to conduct business securely, efficiently, and effectively.
And it was clear, she said, that agencies would need to train users on how to be cyber aware and cyber smart “so that all of us can do our part and be knowledgeable to help protect the agency’s investments, security controls, and strong access controls.”
Continued “protections, training, awareness of technology challenges” will help secure networks in remote environments, Franks said.
“There are just so many nuances of being in the office versus at home. And we must practice being cyber aware and cyber smart,” she emphasized.
Franks explained that Federal guidance – such as the National Institute for Standards and Technology telework tip guide – offered valuable tips to improve remote work security.
“This was all helping us and the Federal government at large to secure to help the employee,” Franks said.
Some key tips Franks highlighted include the use of multifactor authentication, creating unique and complex passwords, and reporting unusual device activity to help desks and security operations centers.
Franks also offered advice for employees permitted to utilize personal devices to conduct business, including continuous virus scanning and patching, updating devices to include the latest software, and being mindful of an organization’s rules of digital behavior.