The National Security Agency (NSA) released a list of cybersecurity best practices. The information sheet was designed to help teleworkers protect their home networks from malicious cyber actors.
The guide includes recommendations for securing routing devices, implementing wireless network segmentation and ensuring confidentiality during telework. The NSA made the following recommendations to improve cybersecurity:
The security of a home network can directly affect not only personal information, but also work information and networks when teleworking. Using a virtual private network (VPN) to remotely connect to an internal corporate network via a secure tunnel is one solution for securely accessing work information. This provides an added layer of security while allowing security leaders to take advantage of services normally offered to on-site users.
Be aware that home assistants and smart devices have microphones and are listening to conversations, even when someone is not actively engaging with the device. If such a device is compromised, an adversary can eavesdrop on conversations. Limit sensitive conversations when near baby monitors, audio recording toys, home assistants and smart devices. Consider muting their microphones when not in use. For devices with cameras (e.g., laptops, monitoring devices and toys), cover the cameras when not using them. Disconnect Internet access if a device is not commonly used, but be sure to update it when you do use it.
Avoid opening attachments or links from unsolicited emails. Exercise cyber hygiene; do not open unknown emails or click on their attachments or web links. Check the identity of the sender via secondary methods (phone call, in-person) and delete the email if verification fails. For those emails with embedded links, open a browser and navigate to the web site directly by its well-known web address or search for the site using an Internet search engine.
Be cautious of duplicate or copycat profiles of current friends, family, or coworkers. Malicious actors may use impersonated accounts to query for privileged information or to target individuals for spearphishing.
Many online sites use password recovery or challenge questions. To prevent an attacker from leveraging personal information to answer challenge questions, consider providing a false answer to a fact-based question, assuming the response is unique and memorable.
Read the full information sheet here.