The NSA has some pretty obvious security advice for remote workers
The National Security Agency (NSA) has published some new advice for those working from home to secure their work devices and home networks.
In issuing some fairly basic and standard advice, it is noted that those in telecommunications specifically should make sure their user and networking devices are kept up to date to prevent compromises to their own and their organization’s security posture.
It also recommended that data backups should be conducted on a regular basis and that where possible, online devices should be disconnected from your network.
When it comes to malware, the NSA recommends rebooting your devices – including your routers – regularly, as this can help to “remove implants”. This is effective for dealing with less persistent forms of malware, and it recommends you do this at least once a week.
Turning on automatic updates was also recommended by the agency, as well as using an account on your work device that doesn’t grant you privileged access to the machine.
To protect you from being spied on, it also advised – somewhat ironic given the agency’s track record – covering your webcam and disabling microphones in case your system has already been breached.
You should also use a personal router rather than one provided by your ISP, as these may not provide enough regular updates to keep them safe.
“To minimize vulnerabilities and improve security, the routing devices on your home network should be updated to the latest patches, preferably through automatic updates.”
Users should also be careful not to use them beyond their end-of-life, as this will mean they will no longer receive the vital updates and patches to keep them secure. Outdated devices with unpatched vulnerabilities are one of the main ways threat actors are able to hack their way into your network.
“In the age of telework, your home network can be used as an access point for nation-state actors and cybercriminals to steal sensitive information,” noted Neal Ziring, the Cybersecurity Technical Director for the agency.
“We can minimize this risk by securing our devices and networks, and through safe online behavior.”