Small Offices, Big Security – New Guide for Securing Telework Environments

CIS-Controls-Telework-Guide-1200Telecommuting is more popular than ever, allowing people to work from home or alternative environments away from the traditional office. According to Forbes, remote work has become the “standard operating mode” for half of U.S. employees – however, 38% lack the technological support they need. While this trend has increased flexibility, it’s also increased the potential for cyber-attacks to affect the organization from a remote workplace. So, how can teleworking employees help protect themselves and their organization from cyber threats?

Our hardworking CIS Controls team has released a new guide to help teleworkers and small offices implement cybersecurity best practices. This guide provides cybersecurity best practices for hardening routers, modems, and other network devices. As the trend of remote work continues to grow, the CIS Telework and Small Office Network Security Guide will be a helpful resource for small-to-medium businesses and home offices. It’s the latest application of the CIS Controls cybersecurity best practices, as part of our mission to secure the connected world.

Arrow Download CIS Controls

Securing critical devices

The newly published CIS Telework and Small Office Network Security Guide focuses on recommendations for basic network setup and securing your home routers and modems against cyber threats. These devices are often designed for personal use, but may also be leveraged by small-to-medium-sized organizations within an enterprise setting.

Securing these network devices is critical as they act as an on-ramp for internal networks to access the internet. As a result, they are subject to scans and attacks from outside networks. The threat surface grows as teleworking expands. A poorly configured home or small office device can affect an entire organization.

Serious security for serious threats

Our goal with this guide is to assist individuals and organizations in securing commodity routers, modems, and other network devices. Securing these devices is important, as there are serious cybersecurity implications if these network devices are successfully attacked. For example:

  • If someone can access your network, they may be able to read sensitive company files like tax information, personally identifiable information (PII) about employees, and other proprietary information that should not be shared with someone outside of the organization.
  • If a router or other computer systems in a network are compromised, they may become part of a botnet, which can be used to attack other computer systems and organizations connected to the internet.
  • If an organization doesn’t implement basic cyber defense controls, they may be in some way liable for breaches and data loss caused by insecure computer networks and systems.

There are many network devices created for small office or home office situations, but these devices are not always equal in terms of security features when compared to more expensive “enterprise-class” devices. The CIS Telework and Small Office Network Security Guide provides recommendations on:

  • How to initially purchase a router or modem that fits your organization’s security needs
  • How to perform regular maintenance
  • Proper disposal techniques
  • Practical descriptions for enabling authentication and encryption
  • Guidance for turning off unneeded services that attackers can exploit

From policy to implementation

Security for network devices such as routers and modems is essential. In order to protect their systems and data, teleworkers and small organizations are encouraged to configure their network devices using the guidance found in the CIS Telework and Small Office Network Security Guide. It provides best practices for purchasing, setting up, maintaining, and disposing of network devices. With this guide, users can take cyber defense from policy to practice, and implement security with confidence.