The National Institute of Standards and Technology has issued a technical bulletin urging organizations to enact security policies and require multifactor authentication for teleworking employees who need to access enterprise data.
Organizations should assume that an external environment contains hostile threats when planning telework security policies and implement validated encryption tools designed to protect client device communications, according to the March 2020 bulletin from NIST’s Information Technology Laboratory.
The agency noted that desktop and laptop computers, tablets and smartphones may be used to transmit emails, visit websites, view documents and perform other tasks from an external location.
NIST recommended the adoption of tunneling, direct application access, portal and remote desktop access methods to prevent unauthorized access to an organization’s computing resources.
These recommendations were based on the second revision of NIST Special Publication 800-46 and issued as more organizations allow remote work for employees during the coronavirus pandemic.