HomeWhat We DoCybersecurityTelework and Mobile Security Guidance

Telework and Mobile Security Guidance

End User Telework and Network Security Guides

Here are a subset of NSA’s cybersecurity products focused on telework and general network security guidance compiled below for ease of access. While all include resources applicable to the general end user, some also delve into more technical solutions as well.

To view all of NSA's published cybersecurity products, go to our Cybersecurity Advisories & Technical Guidance page here.

Telework Best Practices

View Full Report

This joint NSA/DHS CISA slicksheet was designed during the era of COVID-19 to provide a list of “dos and don’ts” as they relate to telework. Helpful for end users using government-owned or personal devices.

Mobile Device Best Practices

View Full Report

This succinct guidance details steps end users may take to better protect their mobile devices and data.

Selecting and Safely Using Collaboration Services

View Executive Summary | View Full Report

This document provides security assessment guidance about commercially available collaboration services to enable the Department of Defense and other U.S. Government customers to most securely use collaboration platforms who do not have access to a government provided tools, accounts, or equipment.

Best Practices for Securing Your Home Network

View Full Report

Don't be a victim; cyber criminals may leverage your home network to gain access to personal, private, and confidential information. Help protect yourself and your family by observing some basic guidelines and implementing the following mitigations on your home network.

Identity Theft Threat and Mitigations

View Full Report

Criminals can use a multitude of methods to obtain personally identifiable information, which can be used to carry out malicious actions. Personal protection from these actors must be dealt with on all fronts, as a layered approach. The information provided in this document is designed to help individuals protect themselves against identity theft and mitigate the risk.

Steps to Securing Web Browsing

View Full Report

Web browsers pose a unique risk to enterprise infrastructure because of their frequent exposure to untrusted dynamic content. Configuring browser security settings is challenging due to uncertainty of both attack mitigation effectiveness and impact on end users. A key goal of this paper is to avoid impact to users while also mitigating as many attacks as possible.

Mitigating Recent VPN Vulnerabilities

View Full Report

Multiple Nation State Advanced Persistent Threat actors are weaponizing known vulnerabilities to gain access to VPN devices. This document shares actions for compromise recovery and long-term hardening. Helpful for any net defenders or end users responsible for maintaining VPNs.

Securing IPSec Virtual Private Networks (VPNs)

View Full Report

This identifies common VPN misconfigurations and vulnerabilities and an overview of the ways to secure your VPN.

Configuring IPSec Virtual Private Networks (VPNs)

View Full Report

This guidance provides a more in-depth look at how to implement specific configurations for securing and maintaining secure VPN connections.

NSA’s Top Ten Cybersecurity Mitigation Strategies

These strategies detail methods to counter a broad range of advanced cyber threats. The information included will help drive robust conversation about network security and risk management on your organization’s networks and are also helpful for individuals looking to better understand any of these mitigations. The Top 10 are ranked based on threat intelligence findings and cybersecurity expertise for effectiveness against known adversary tactics.

  1. Update and Upgrade Software Immediately
  2. Defend Privileges and Accounts
  3. Enforce Signed Software Execution Policy
  4. Exercise a System Recovery Plan
  5. Actively Manage Systems and Configurations
  6. Continuously Hunt for Network Intrusions
  7. Leverage Modern Hardware Security Features
  8. Segment Networks and Deploy Application Aware Defenses
  9. Integrate Threat Reputation Services
  10. Transition to Multi-Factor AuthenticationView Full Report