With more federal employees performing more of their work away from their traditional workplace, the National Institute of Standards and Technology has drafted an update of “bring your own device” (BYOD) policies.
The draft guide provides recommendations for securing BYOD devices used for telework and other types of remote access.
“When a telework device uses remote access, it is essentially a logical extension of the organization’s own network. Therefore, if the telework device is not secured properly, it poses additional risk to not only the information that the teleworker accesses but also the organization’s other systems and networks. For example, a telework device infected with a worm could spread the worm through remote access to the organization’s internal computers. Therefore, telework devices should be secured properly and have their security maintained regularly,” it says.
It also contains this warning: “Before implementing any of the recommendations or suggestions in the guide, users should back up all data and verify the validity of the backups. Readers with little or no experience configuring personal computers, mobile devices, or home networks should seek assistance in applying the recommendations. Every telework device’s existing configuration and environment is unique, so changing its configuration could have unforeseen consequences, including loss of data and loss of device or application functionality.”
Many organizations limit which types of BYOD devices can be used and which resources those devices can access, for example by permitting BYOD laptops to access a limited set of resources and permitting all other BYOD devices to access webmail only. This allows organizations to limit the risk they incur from BYOD devices, the guide notes.