Telework is on the rise, and, as a result, hackers are increasingly targeting remote workers, according to the National Institute of Standards and Technology (NIST).
So NIST is updating its guidelines for securing data to include devices such as smartphones, tablets, and unsecured laptops that may pose a greater weakness to a company’s security.
“Organizations are realizing that many data breaches occur when attackers can steal important information from a network by first attacking computers used for telework,” said Murugiah Souppaya, a NIST computer scientist. These telework devices are also more susceptible to malware and being stolen.
NIST originally published its telework policy in 2009, and is now updating it to include contractor devices and BYODs–devices such as smartphones or tablets that are owned by the employee and not monitored by the company. The guidance also explains two new technologies that are critical in securing telework devices: Virtual Mobile Infastructure and Mobile Device Management
Virtual Mobile Infrastructure (VMI) establishes a temporary secure environment on a mobile device when the teleworker needs to access the organization’s data and applications. When the session is done, the environment is securely destroyed, leaving no traces of the data and applications on the mobile device.
Mobile Device Management (MDM) can enforce security policies on mobile devices on behalf of the organization, ensuring that the device meets the security standards of the company.
NIST is seeking comments on its two draft publications about this topic: Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, and User’s Guide to Telework and Bring Your Own Device (BYOD) Security. The deadline for comments is April 15.