Jun 24 2021

3 Best Practices for Returning Telework Devices Safely to the Workplace

Devices coming back to an onsite office after telework should be closely checked for malware.

The majority of federal employees have worked exclusively from home for more than a year due to the pandemic. This was an enormous and extremely rapid change, with full-time telework expanding from 3 percent of the workforce to 59 percent in a matter of days.

Agencies provided secure, managed desktops, laptops, smartphones and tablets for teleworkers’ home use, along with VPNs and other mechanisms for secure remote access to agency resources.

At long last, many agencies are preparing to reopen their facilities, and employees will soon be returning to their offices. They’ll be bringing back the agencies’ telework laptops and other devices, which will once again connect directly to agency networks.

This puts agency networks and systems at increased risk, as the telework devices have been in unsecured environments for a long time. They might be infected with malware, have unpatched software or have important security controls deactivated. Agencies should ensure each returning telework device is secure before allowing it to reconnect to agency networks.

The National Institute of Standards and Technology has guidelines on how to secure devices before they’re used for telework. We provide three best practices for agencies to follow to ensure that telework devices are safe to use when they return to onsite facilities and networks.

1. Require Returning Devices to Use Quarantine Networks

Dedicated quarantine networks isolate returning telework devices from an agency’s other devices and networks, often by using virtual LANs. Quarantine networks prevent anything malicious on the devices connected to them from spreading elsewhere.

By forcing each returning device to connect to a quarantine network, an agency can look for possible security incidents on the devices and initiate incident response processes as needed.

Here are some signs that agencies should look for:

  • Current malware infections are obviously a major concern, especially with ransomware becoming so commonplace.
  • Signs of prior compromise are also a concern. If a device has been compromised, it shouldn’t be trusted, even if there’s no sign that an attacker or malware is still present.
  • Unauthorized software installed on the device could indicate many things, such as an employee acquiring legitimate software independently to meet a critical agency need, an employee family member using the device for personal purposes — or an attacker installing tools to use against other agency systems.
  • Deactivated, uninstalled or misconfigured security and maintenance software could be a sign of trouble. Attackers and the malware and tools they use frequently shut off security and maintenance software so their activities will go unnoticed. Also, users may shut off software that they think is slowing down or interfering with their work, thus increasing the risk of compromise.

2. Decide How to Handle Each Device’s Re-entry

Another reason to use a quarantine network is that it gives the agency the opportunity to assess the overall state of each asset and determine how to handle its re-entry into agency facilities.

Three possible re-entry options are:

  • Correct any device security problems. On the quarantine network, an agency can examine each device for problems and correct them before allowing the device to access other agency networks and systems. Examples of potential problems include missing patches, incorrect configuration settings and missing software (e.g., uninstalled tools).
  • Wipe and re-image the device. Transfer any data stored locally on the device to another location, then wipe and re-image. It might not be practical to do this for every device, but it could be prudent for devices that have experienced problems during telework or that have signs of compromise, malware infection, deactivated security software, etc.
  • Replace the device. Because devices have been away from the office for more than a year, some of them probably need to be replaced for reasons other than security, such as operational problems or hardware failures that can’t immediately be fixed. Other devices may need to be retired because they are no longer supported by their manufacturers, meaning that new vulnerabilities won’t be patched.
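The signs listed in section 1 and the three re-entry options above can be combined into one triage pass run while a device sits on the quarantine network. The sketch below is an added example, not part of the original article; the record fields, the software allowlist, the required-agent list and the 30-day patch threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed agency baseline, constructed for this example.
APPROVED_SOFTWARE = {"browser", "office-suite", "vpn-client", "edr-agent", "patch-agent"}
REQUIRED_AGENTS = {"edr-agent", "patch-agent"}
MAX_PATCH_AGE_DAYS = 30  # assumed policy threshold
DISPOSITIONS = ["admit", "remediate", "wipe-and-reimage", "replace"]

@dataclass
class DevicePosture:
    """Facts collected from one device while it sits on the quarantine network."""
    hostname: str
    installed_software: set
    running_agents: set
    days_since_patch: int
    malware_detected: bool = False
    compromise_indicators: bool = False  # signs of prior compromise
    vendor_supported: bool = True
    hardware_ok: bool = True

def triage(d):
    """Return (disposition, findings); the most severe finding decides."""
    findings, severity = [], 0
    def note(level, text):
        nonlocal severity
        severity = max(severity, level)
        findings.append(text)
    if d.days_since_patch > MAX_PATCH_AGE_DAYS:
        note(1, f"last patched {d.days_since_patch} days ago")
    for name in sorted(d.installed_software - APPROVED_SOFTWARE):
        note(1, f"unauthorized software: {name}")
    for name in sorted(REQUIRED_AGENTS - d.running_agents):
        note(2, f"security/maintenance agent not running: {name}")
    if d.malware_detected:
        note(2, "current malware infection")
    if d.compromise_indicators:
        note(2, "signs of prior compromise")
    if not d.vendor_supported:
        note(3, "no longer supported by manufacturer")
    if not d.hardware_ok:
        note(3, "hardware failure")
    return DISPOSITIONS[severity], findings

# Constructed sample records, not real inventory data.
FLEET = [
    DevicePosture("lt-001", {"browser", "vpn-client", "edr-agent", "patch-agent"}, {"edr-agent", "patch-agent"}, 12),
    DevicePosture("lt-002", {"browser", "edr-agent", "patch-agent", "game-launcher"}, {"edr-agent", "patch-agent"}, 95),
    DevicePosture("lt-003", {"browser", "edr-agent", "unlisted-utility"}, set(), 140, compromise_indicators=True),
    DevicePosture("lt-004", {"browser", "edr-agent", "patch-agent"}, {"edr-agent", "patch-agent"}, 20, vendor_supported=False),
]

if __name__ == "__main__":
    for dev in FLEET:
        print(dev.hostname, *triage(dev), sep=" | ")
```

The findings list is kept in full even when a more severe finding decides the disposition, so a device slated for replacement that also shows malware or compromise still carries the evidence needed to start incident response.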

3. Use This Opportunity to Shift to Zero-Trust Architecture

In May, the White House released an executive order that includes detailed guidance on next steps. Section 3 requires agencies to develop and implement plans for adopting zero-trust architecture. Those plans will certainly include all end-user devices.

The re-entry process for telework devices could provide a great opportunity to alter them so that they follow zero-trust principles and thus have stronger security.

Examples of what might be done include adding new security controls, changing existing security configuration settings, replacing existing credentials and tightening access control policies.