Thought leadership. Threat analysis. Cybersecurity news and alerts.
How to Facilitate Secure Remote Work Arrangements
The Government of Canada, in an effort to contain and prevent further spread of the new coronavirus disease (COVID-19), has urged all Canadians to stay home and practice social distancing. In the work environment, this means that Canadian businesses are urged to facilitate “remote work arrangements”.
The World Health Organization (WHO) on March 11, 2020 assessed COVID-19 as a pandemic. As of March 21, 2020, the Government of Canada reported 1,231 confirmed cases of COVID-19 in Canada, with 13 deaths. Worldwide, as of March 22, 2020, WHO reported 267,013 confirmed cases of COVID-19 and 11,201 deaths in 185 countries or territories.
“During this extraordinary time, the Government of Canada is taking strong action to help Canadian businesses as COVID-19 is affecting them, their employees and their families,” the Government of Canada said. The Government has urged all Canadians to stay home unless it is absolutely essential to go out, and to practice social distancing and good hygiene. “For businesses, this means facilitating flexible and remote work arrangements,” the Government said.
What Is Remote Work Arrangement?
Remote work arrangement allows workers to work from home whenever and wherever possible. This arrangement limits the number of workers on-site, thereby contributing to the efforts to contain the COVID-19 outbreak and prevent further spread.
Remote work, also known as telework, is nothing new. While remote work has been adopted by some sectors, this hasn’t achieved wide adoption.
Based on the 2016 data from Canada’s General Social Survey (GSS), 2.3 million paid workers or 12.7% of the total workforce of Canada telework at least an hour a week. Out of the 2.3 million Canadians that telework, more than 500,000 workers work for more than 15 hours per week.
According to the 2016 GSS data, remote work in Canada is associated with occupations that are most connected to the knowledge economy, with 36% of workers in the management sector, 24.3% in the education sector and 21.7% in nature and applied science sector telework.
The sudden shift from office work to remote work arrangement as a way to contain and prevent further spread of COVID-19 has caught many employers and employees off guard.
Remote Work Challenges
In a remote work arrangement, there are 2 things that need protection: the devices (those used by the remote workers and those used by remote employers) and the communication link.
One of the challenges of remote work in light of the COVID-19 outbreak is the fact that many organizations are forced to allow their staff to use their personal desktops, laptops or mobile devices as organizations have been unprepared to issue official or organization-owned devices.
Allowing staff to use their personal computers is, in itself, a security issue. Some of the security issues arising from the use of personal computers include:
Organizations offering remote work arrangements are similarly faced with the same device security challenge. Organizations’ devices are at risk of unauthorized access from malicious insiders to malicious outsiders. Outdated computers, such as outdated server operating system, also pose a security threat not just to the organization concerned but also to remote workers allowed to remotely access the organizations’ devices.
Best Practices in Facilitating Secure Remote Work Arrangement
Here are some of the best practices in facilitating secure remote work arrangement:
1. Practice Network Segmentation
Network segmentation refers to the practice of dividing your organization’s network into sub-networks. This practice ensures that in case one sub-network is compromised, the other sub-networks won’t be affected.
For the security of your organization’s network, it’s important to prevent non-IT remote workers from accessing your organization’s network.
For IT remote workers, network segmentation is specifically important. The negligence or malicious actions, for instance, of one remote worker who has access to a certain sub-network, won’t affect the other sub-networks especially those sub-networks that are critical to the operation of your organization.
2. Use VPN
VPN, short for virtual private network, acts as a secure tunnel between two endpoints: the remote worker’s device and your organization’s server. For example, a remote worker can use this VPN to send encrypted data to your organization’s server.
It’s important to use multi-factor authentication for all VPN connections. Multi-factor authentication for all VPN connections is particularly important as login credentials (VPN usernames and passwords) are sought after by cyber criminals. VPN login credentials are often stolen via phishing campaigns – campaigns that trick remote workers to click on malicious links or attachments contained in malicious emails that masquerade as coming from legitimate sources.
Clicking on these malicious links or attachments could lead to the downloading on the remote worker’s device of a malware that steals VPN login details. The use of multi-factor authentication in all VPN connections renders the theft of login details useless.
3. Keep All Devices Up to Date
Always keep your organization’s devices up to date by using devices that receive regular security updates, and by applying security updates in a timely manner. Applying security updates on server operating systems and VPNs should be the top priority.
Vulnerabilities in server operating systems and VPNs have in the past been exploited by malicious actors as these two are seen as gateways to victims’ networks.
On behalf of all staff we wish you and your families well. During these challenging times, we are ready to help those who needs assistance with minimizing IT and cybersecurity risks.
Need a few working remotely tips? Here are a few work from home productivity tips from our management team:
1. Dress for success
Even though you are working from home, always dress as if you were going to work. We found that it helps to set a proper mood and help motivation and demeanor.
2. Find a quite spot
Kids and pets are fun, and you need to be 100% focused on the task at hand to be productive. Every minute of distraction may set you back an hour.
3. Plan your day
Plan as if you were in the office. Keep your calendar up to date and let your co-workers know when you are available and when you are not to avoid scheduling conflicts.
4. Take breaks
Coffee breaks, and lunch are a must to stay rested and sharp. Even when you are working from home, your brain and your eyes still need rest.
5. Don’t check email
Well, most of us must check email, and we recommend checking your email twice a day to get more done. After all, if you are getting back to people the same day, it’s more than acceptable. If something is truly urgent, people will call you.
6. No social media
At least during business hours. Unless browsing social media is a part of your job, keep your mind focused and get more done.
Find the right apps and tools for your particular industry and spend the time automating as many menial tasks as possible. Many tools are free to use or cost very little yet save you a lot of time. If you don’t value your own time, no one else will.
Looking for cybersecurity and IT risk advice? Contact us today to speak with a cybersecurity expert. We offer complimentary advisory services to Canadian businesses of all sizes during the COVID-19 pandemic so that you and your organization remain safe.
Steve E. Driz, I.S.P., ITCP