The Cybersecurity and Infrastructure Security Agency (CISA) launched a dedicated telework product line intended to advise and support the incorporation of cybersecurity considerations when adopting or expanding telework policies, such as the use of video conferencing software and related collaboration tools.
These new products are available at cisa.gov/telework. This page is a one-stop shop for telework cybersecurity guidance for critical infrastructure, government, and citizens. This guidance is developed in close collaboration with federal and private sector partners.
“As many businesses and organizations have rapidly shifted to a maximum telework environment, CISA is providing a one-stop shop of cybersecurity and resources to protect networks in this new landscape,” said CISA Director Christopher Krebs. “We are working with our federal and private sector partners to understand the threat landscape and provide a central point of the latest and most up-to-date information for organizations to keep their networks and employees safe. As the threat continues to evolve, so will the guidance, and we will continue to add more products as needed.”
At cisa.gov/telework, CISA is providing information and advice about certain threat vectors, cybersecurity best practices, and how to properly apply security settings for a range of video conferencing tools. The initial products on the new webpage are:
- Cybersecurity Recommendations for Critical Infrastructure Using Video Conferencing includes information about some of the tactics cyber actors might use to disrupt business or steal sensitive information and recommended security practices for both organizational enterprise networks and end-users.
- Cybersecurity Recommendations for Federal Agencies Using Video Conferencing addresses enterprise security practices that includes the use of FedRAMP-authorized products for agencies with cloud services. It also contains best practices for end-users like only using agency-approved software and tools for business, as well adversarial tactics that seek to acquire Federal government information.
- Guidance for Securing Video Conferencing is for individuals and organizations and provides four principles and tips on how to connect securely, control access, manage file and screen sharing and recordings, and how to keep applications updated and secure. Also, it provides information on how to implement security settings for common video conferencing tools.
- National Security Agency and CISA Telework Best Practices is a collaborative one-page product for providing basic advice for safe and secure teleworking, primarily for government employees.
- Video Conferencing, a two-page information source with tips on conducting safe and security video conferencing. It is designed for the general public as well as organizations to use as a guide for educating their workforce.