Defense Agency Renews Antivirus Software Subscription for Workers’ Home Use

jijomathaidesigners/Shutterstock.com

The one-year license excludes contractors from a crucial factor in secure “maximum telework.”

As the coronavirus pandemic grows the ranks of teleworkers, the Defense Information Systems Agency is imploring Defense Department employees to take advantage of the agency re-upping its home-use antivirus program with vendor McAfee.

“Recognizing a need, DISA and the DoD have renewed their antivirus home use programs,” reads a news bulletin the agency posted Monday. “The DoD antivirus software license agreement with McAfee allows active DoD employees to utilize the anti-virus software for home use.”

Government agencies and departments have struggled to implement the administration’s “maximum telework” policy as more remote users strain their networks. 

Antivirus software is necessary to protect systems against the most common threat vector malicious actors are using during the pandemic: malware intrusion via phishing.

The administration updated its teleworking guidance to include contractors but the DISA bulletin notes that that significant segment of the workforce will not have access to the antivirus software. 

“Home use of the anti-virus products will not only protect personal PCs, but will also potentially lessen the threat of malicious logic being introduced to the workplace and compromising DoD networks,” reads the DISA bulletin. “Contractors are excluded from using the software at home or on any other system not belonging to the DoD.” 

There is no shortage of stakeholders weighing in on how teleworkers can protect their systems as the need for social distancing continues. The necessary measures—updating software, using multifactor authentication, training employees on how to avoid falling for fake emails—are mostly the same basic actions authorities have been encouraging internet users to implement for years.

“The good news for businesses and employees is that smart working-from-home security looks a lot like working-from-the-office security,” wrote David Forscey, managing director of the Aspen Institute’s Cybersecurity Group in a post Tuesday. “Businesses and individual employees can protect themselves against predatory criminals through relatively straightforward, low-cost, time-tested security measures.”

In a post on “virus basics,” the Cybersecurity and Infrastructure Security Agency said using a text-only format can limit the chances of downloading a virus by simply opening an email.

Beyond the basics, one feature the pandemic may give a lift to is the greater use of biometrics for cybersecurity.

CISA, along with DISA and industry stakeholders, is eager to end the use of identifiers such as Social Security numbers for access control. Instead, officials are exploring technology that would rely on unique identifiers such as a person’s facial features, their voice, or even their gait.

“Simply enabling the password, PIN, fingerprint, or facial ID feature will prevent people from getting on your device should you walk away from it,” the National Institute of Standards and Technology advised in a one-pager of six basic tips for teleworking.

More broadly, NIST and CISA officials point to Special Publication 800-46 Rev 2, a “Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security,” as a resource.

For further assistance, The International Association of Information Technology Asset Managers is offering a free class on mobile asset management March 26.

“We know that U.S. companies and agencies are struggling—or soon will be—as they send workers home and find that they don’t have a handle on dealing with unknown personal devices that will now be used to do business and retain sensitive corporate data,” president and CEO Barbara Rembiesa said in a press release.