Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Attackers Honing In On Teleworkers? How Organizations Can Secure Their Data

Cartoon of thief vacuuming info from a computer screen
Don’t let this happen to you! Protect you network from attackers stealing valuable network data through teleworkers and BYOD by using NIST guidance.
Credit: ©20logo3in1/Fotolia.com

As the number of employees who telework trends upward—and new kinds of devices are used in telework—the National Institute of Standards and Technology (NIST) is updating its guidance to include the latest technology available to strengthen an organization's remote-access data security.

"Organizations are realizing that many data breaches occur when attackers can steal important information from a network by first attacking computers used for telework," said Murugiah Souppaya, a NIST computer scientist. Those computers include bring-your-own-device (BYOD) smart phones and tablets, as well as laptops and mobile devices used by contractors and vendors.

Data breaches can also occur when sensitive organizational data is stored on unsecured laptops and mobile devices that can either be infected by malware or stolen.

"To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices," Souppaya explained.

NIST is revising its telework publications, published in 2009, to now cover the booming use of BYOD and the use of contractor and vendor devices to access organizational resources. The guidance also explains two new technologies that are critical in securing telework devices.

Virtual mobile infrastructure (VMI) technologies deliver a secure virtual environment to a mobile device used for telework. The VMI establishes a temporary secure environment when the teleworker needs to access the organization's data and applications. When the session is done, the environment is securely destroyed, leaving no traces of the data and applications on the mobile device.

Another newer technology, mobile device management (MDM), can enforce security policies on mobile devices, including BYOD and vendor/contractor devices, on behalf of the organization. For example, MDM software could check each mobile device for signs that the user has deactivated the device's built-in security controls, before allowing the mobile device to use the organization's computing resources.

The NIST publications recommend that teleworkers should understand their organization's policies and requirements and appropriate ways of protecting the organization's information that they access. They also call for organizations to strongly consider establishing a separate, external, dedicated network for BYOD devices if they are allowed in the organization.

NIST is seeking comments on the two draft publications—Special Publication 800-46 Rev. 2 Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (Draft), and Special Publication 800-114 Rev. 1 User's Guide to Telework and Bring Your Own Device (BYOD) Security (Draft). The deadline for comments is April 15, 2016.

Released March 14, 2016, Updated February 1, 2023