ISJ Exclusive: Best practices for secure home working

Today, I start my third week of working from home … with an overly full house. And yes, I’m happy to clarify. I’ve worked from home for the past 18 years and generally, enjoyed my quiet non-traditional office setting. But now, my husband is working remotely as well — and he is taking up bandwidth in various ways — and the kids are home from school. In addition, we have homeschooling requirements to meet. And it’s looking as though this reality will continue for some time.

Just like many of you, I am looking for ways to stay sane and connected as much as possible. I’ve spent time over the past few weeks talking with people about how to stay productive and efficient in a time of chaos, where and when to implement new tools and strategies to stay connected and focused on the tasks at hand.

There are challenges to embracing this “new normal” and for many of us, we must continue to push forward as though nothing has changed. But let’s face it, working from home is more complicated than merely logging into Slack, Skype, GoToMeeting or Zoom.

It’s important to consider other processes as well, such as what applications are most secure to share corporate information and data. And how can mission-critical stakeholders, such as those considered essential or in the government space, maintain compliance with data security regulations while being remote? There are a lot of questions, but thankfully, there is a wide array of tools to ensure safety and security while being out of the office.

As always, government recommendations can serve as an excellent basis on which to base your organisational recommendations. The Office of Budget and Management issued a memorandum (M-20-19) in response to the national emergency for COVID-19. Overall, it directs agencies to use the breadth of available technology capabilities to fulfill service gaps and deliver positive outcomes. Most of these directives can be addressed through the use of technology that is very much available (and proven) in today’s market.

Facilitating personnel productivity in a remote environment

When I mention mobile apps, I know visions of Monument Valley and your banking app come to mind, but mobile applications are also hugely valuable in high-security environments to streamline cybersecurity efforts and make remote work more accessible. Advanced mobile applications, designed for mission-critical environments, provide users with the ability to edit and sign PDF documents from their iPhone, iPad, or Android phone or tablet, using their CAC, PIV, or derived credential. Additionally, users can access two-factor websites; sign, encrypt and decrypt emails; and view, edit and create calendar events.

Even so, though there is a wide variety of solutions available that specialise in providing secure access from anywhere, it is important for users to remember that one size does not fit all.

Both native and third-party tools for web access and email, the two most common needs of an employee on their mobile device, are either completely absent or lack the features needed for enterprise deployment. Luckily, as manufacturers have pivoted to focus on product development as well as cybersecurity, they have developed a series of solutions to meet these challenges.

What that means is there is an entire suite of applications that provide users with the ability to use two-factor authentication to access websites and to sign, encrypt and decrypt email (S/MIME). Setting remote employees up for success requires more than downloading an app on a device. Employers should vet all potential options to ensure they are making selections with cybersecurity in mind.

With the increase in bring your own device (BYOD) movements in just about every organisation, mobile apps that allow users the ability to deliver and receive digital information and access essential services anytime, anywhere and on any device, are critical to everyday operations. This level of remote connectivity is vital to enabling users to mobilise at a moment’s notice while simultaneously retaining the ability to stay connected and secure.

Managing physical access to facilities

When managing physical access to facilities, agencies should prepare to accommodate personnel who are issued a new credential or that receive a certificate update during their absence from federal facilities. Some individuals might need to re-enroll in the physical access control system (PACS) for access to the facility.

With software integration and access to an outside network, modern access control solutions can offer remote PIV provisioning through an authoritative data source. Agencies can process mass re-enrollment and updates remotely. This process streamlines the provisioning of users across an organisation’s infrastructure and will make it easier to re-enroll individuals once the workforce returns to normal.

Whether users need to open an email or connect to the internet, it is crucial to take into account federal recommendations for maintaining cybersecurity. Luckily, we live in a world where technology providers strive to anticipate the environment our customers are facing, both in terms of technical requirements and functional capabilities.

As COVID-19 continues to wage chaos worldwide, I hope these tips and solutions for staying safe, smart and secure during this time of home working are of help to you. We’re all in this together and need to keep it that way. Until then, I’ll see you online.

By Brooke Grigsby, Director of Marketing, Identiv