The NSA Cybersecurity Guide for Remote Workers

Mar 10, 2023 | Information Security

Remote work has steadily become the new norm in recent years. But, while working from home has many appealing benefits for employees, it also opens the door to many cybersecurity risks, such as phishing and malware.

“In the age of telework, your home network can be used as an access point for nation-state actors and cybercriminals to steal sensitive information,” said Neal Ziring, National Security Agency (NSA) Cybersecurity Technical Director. “We can minimize this risk by securing our devices and networks, and through safe online behavior.”

To help remote workers mitigate cyber risks and protect the confidentiality of their data, the NSA recently published the “Best Practices for Securing Your Home Network” Cybersecurity Information Sheet (CSI). The guide includes useful recommendations on how to maintain device security, email best practices, network segmentation, password protection, and more. Here are some of the key NSA-recommended cybersecurity best practices for remote workers.

Keep operating systems, routing devices, and browsers up to date

Outdated systems, devices, and browsers might contain security gaps which can be exploited by hackers to compromise your home network and steal data. To maximize protection of your network, the NSA recommends using modern operating systems, routing devices, and browsers, as well as keeping all IT infrastructure up to date. Keeping all systems and devices current will give you continued access to security patches and other updates that help eliminate any vulnerabilities.

Maximize password protection

Using strong passwords is a key first step to defending confidential data from unauthorized access. Reusing passwords can compromise multiple accounts if a hacker somehow steals those credentials. Since creating and remembering unique passwords can be tough, the NSA strongly recommends using a password manager to maximize protection.

Be cautious when using public WIFI

Many remote or hybrid workers might, at times, need to use public WIFI at the places like airports, coffee shops, or hotels to do business. But there are multiple security risks of public WIFI. The NSA says that these public hotspots are more susceptible to malicious activity. This, in turn, makes you more vulnerable to cyberattacks if you do not take proper measures for data protection when using these networks. While it’s best to avoid public WIFI, if access is necessary, the NSA recommends using a trusted VPN to defend your connection from cyberattacks or snooping.

Pay attention to email security

Phishing emails are one of the most popular attack vectors that hackers use to steal login credentials or distribute malware. To reduce risk exposure, you should carefully evaluate the authenticity of an email and exercise caution when dealing with unknown emails. The NSA suggests that it’s best to avoid clicking on attachments or links in unsolicited emails as these could be malicious. Stressor or outlandish content is a key red flag of phishing, so you should never engage with unknown emails that attempt to cause panic or contain offers that are too good to be true.

Segment your wireless network

The NSA guide says, “At a minimum, your wireless network should be segmented between your primary WIFI, guest WIFI, and IoT network. This segmentation keeps less secure devices from directly communicating with your more secure devices.”

Safeguard against eavesdropping

It’s important to remember that even when not actively in use, home assistants and smart devices are listening to your conversations. If they are not properly secured, these devices can increase your risk exposure to eavesdropping attacks. To mitigate malicious activity, the NSA recommends muting microphones when devices are dormant, restricting confidential discussions around baby monitors, home assistants, and other smart devices, and covering a device’s camera when it’s not being used.

Use a VPN to maintain data confidentiality

Remote workers should use a VPN to connect remotely and securely to their company’s internal network. Using a VPN allows for increased data security through encryption, which ensures that you can still safely access sensitive company information when you are not on-site.

Click below for the full list of NSA recommendations for securing your home network!

Read the full guide

Cybersecurity Awareness Training for Employees

GraVoc’s security awareness training sessions educate remote and in-person employees on cybersecurity best practices and ensure they are well-equipped to recognize and mitigate a security risk. Click below to learn more about our security awareness training services!

Learn more

Related articles