According to the NSA, there are some basics Criteria, on the basis of which we can evaluate as safe or not the various tools teleconferencing and teleworking.
The NSA's advice is not limited to their government USA and military entities, but also to private sector.
The idea behind the NSA initiative is to give to the military, public and private organizations an overview of all the features of a tool so that IT staff can make the right decisions and choose tools that offer security.
According to the NSA document, the following questions indicate what criteria the teleconferencing / teleworking tools should have:
- Η service applies end-to-end (E2E) encryption;
- Uses strong E2E encryption, known encryption standards;
- There is a chance multi-factor authentication (MFA);
- Users can see and check who is connected to the sessions;
- Maybe the tool supplier shared data of users with third parties or partners?
- They can users securely delete data from the service and its repositories (both on the client and on the server)?
- He is source code of the tool public (eg open source);
- Has the service been approved for official use by the US government?
In the image below, you can see the evaluation of popular teleconferencing and teleworking tools in relation to these criteria:
The NSA released this security guide at the time, as many private sector employees, government officials and military members are working from home. coronavirus (COVID-19), and are increasingly based on teleworking tools.
Knowing the tools we choose and their safety is the first step in preventing attacks, the NSA said.