COVID-19 Response: Resources and Best Practices on Secure Teleworking

The coronavirus outbreak has led to a dramatic increase in the number of people working from home. This change will help slow the spread of the disease. At the same time, it raises a range of new questions related to data security for organizations that are new to telework.

The materials collected on this page provide governments, businesses, and other organizations the tools and information they need to implement strong data security practices in this new environment.

The National Institute of Standards and Technology

The National Cybersecurity Center of Excellence at NIST has a variety of resources available to help organizations and their employees maintain security while implementing remote work.

  • Telework Security Basics
    • Follow your organization’s security policies for remote work.
    • Protect your communications from eavesdropping by securing your home wireless network and using a strong password on your wireless access point/router.
    • Consider using a VPN (virtual private network) on your telework device for stronger protection
    • If you must use a personal device not issued by your organization for business purposes, enable basic security features such as a PIN, password, or fingerprint to prevent others from accessing sensitive information.
    • Keep your computers, mobile devices, and software patched and updated.
    • If you experience unusual or suspicious behavior on your telework device, contact your organization’s IT department or help desk to report the activity.
    • Be on the lookout for phishing and social engineering scams related to COVID-19 or the sudden transition to telework. Be vigilant, verify the sender or any emails before taking action, and notify your IT department of any suspicious behavior.
  • Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
    • Limit the reuse of access codes.
    • Use one-time PINs or multi-factor authentication for access to meetings on sensitive topics.
    • Use a waiting room and don’t allow meetings to begin until the host joins.
    • Enable notification of attendees by playing a tone or announcing names.
    • Use a dashboard to monitor attendees and identify all generic attendees.
    • Don’t record the meeting unless it’s necessary.


Cybersecurity industry experts at Splunk are contributing to a blog series aimed at employers and employees adapting to the new remote work landscape, including topics such as: