The National Security Agency has release cybersecurity guidance for teleworkers to help enhance security when staff are working remotely. The guidance has been made available primarily for U.S. government employees and military service members, but it is also relevant to healthcare industry workers providing telehealth services from their home computers and smartphone devices.
There are a lot of consumer and enterprise-grade communication solutions on the market and the cybersecurity protections provided by each can differ quite a bit. The guidance document outlines 9 important things to take into account when choosing a collaboration service. By assessing each service against the nine criteria provided, remote workers will be able to choose the most appropriate solution for them.
The NSA strongly advises the completion of high-level security assessments to deduce how the security capabilities of each platform performs against certain security standard. These assessments are useful for spotting risks associated with the features of each tool. The guidance document also includes information on using the collaboration services safely.
The NSA recommends the guidance should be distributed to all employees who are now working from home to allow them to make an informed decision about the best communication and collaboration tools to use to meet their specific requirements, and for workers to take the steps outlined in the guidance document to address the risk of cyberattacks.
The guidance document, Selecting and Securely Using Collaboration Service for Telework is available to be downloaded here.
Healthcare-specific guidance for remote workers has also recently been made available by the American Hospital Association (AHA) /American Medical Association (AMA), which should be used in along with the NSA guidance.
On April 30, 2020, the HHS’ Office for Civil Rights outlined man resources covering the current threat landscape and the steps that can be taken to tackle risks to a reasonable and acceptable level, as detailed here:
- OCR Cyber Attack Quick Response Checklist
- FBI guidance on COVID-19 phishing attacks on healthcare providers
- IC3 guidance on COVID-19 online extortion scams
- HHS Health Sector Cybersecurity Coordination Center (HC3) white paper on COVID-19 VTC exploitation
- HC3 guidance on COVID-19 cyber threats