ARCHIVE: National Preparedness Month - Cyber Security for Remote Work
This story is an archived copy and may not reflect the most up to date information. Please visit the Employee section of our site for the latest employee information.
At the beginning of the COVID-19 pandemic, federal agencies required many employees to work remotely. Some FSIS employees now have the opportunity to work remotely fulltime or a combination of remote and onsite work. Cyber security is a concern that employees should think about wherever they are working on a computer or other eDevice. There are significant cybersecurity risks when working remotely that these workers should be aware of and actions they can take. These include network security and ensuring they follow remote work best practices.
Network Security for Everyone
Network security is important for home networks as well as in the business world. Most homes with high-speed internet connections have one or more wireless routers, which could be exploited if not properly secured. A solid network security system helps reduce the risk of data loss, theft and sabotage. To help protect your network security there are steps you can take.
Many software and hardware products come out of the box with overly permissive factory-default configurations intended to make them user friendly and reduce the troubleshooting time for customer service. However, these configurations are available to provide security. You should take steps to harden the default configurations parameters to reduce vulnerabilities and protect against intrusions.
- Change the router’s default administrator password. Use strong and unique passwords. to help secure your devices.
- Change the default service set identifier (SSID), sometimes referred to as the network name. An SSID is a unique name that identifies a particular wireless local area network.
- Disable Wi-Fi Protected Setup (WPS). WPS provides simplified mechanisms for a wireless device to join a wi-fi network without the need to enter the wireless network password. However, there is a design flaw in the WPS specification, which makes it suspectable to cyberattacks.
Remote Work Best Practices
As a remote worker, there are several best practices you can take to make sure your devices are safe from cyber security threats.
- Only use agency-approved collaboration tools, including chat and video conferencing platforms.
- Use agency-approved methods to share files. Be mindful of distribution and dissemination when using agency-approved platforms.
- Store work-related content on government furnished equipment (GFE) and supported cloud services. Do not forward work emails to a personal email account.
- Log off your remote connection at the end of the workday.
- Only connect GFE to a network you are in complete control of like a home network. Do not connect to a network you do not own and control such as public wi-fi.
- Use devices owned, managed and protected by the agency, such as laptops or smart phones.
- Avoid opening email or clicking links from people you do not know, that have generic greeting, spoofed hyperlinks and websites, contain suspicious attachments, or request to download and open an attachment.
- Always install updates on your GFE when prompted by the agency or CEC.
- Complete the USDA Information Security Awareness Training each year and review the training if needed.
Reporting Cyber Security Concerns
If you have a cyber security concern, immediately contact the CEC Help Desk at 1-877-873-0783. Follow their guidance on next steps.
Cybersecurity & Infrastructure Security Agency (CISA) provides a Security Tips: Home Network Security and information on CISA Telework Best Practices. The U.S. Chief Information Officers Council also provides information on remote work best practices.