1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

3/22/2020

0 Comments

How to Facilitate Secure Remote Work Arrangements, Plus, 7 Helpful Tips

 
secure remote work

How to Facilitate Secure Remote Work Arrangements

The Government of Canada, in an effort to contain and prevent further spread of the new coronavirus disease (COVID-19), has urged all Canadians to stay home and practice social distancing. In the work environment, this means that Canadian businesses are urged to facilitate “remote work arrangements”.

The World Health Organization (WHO) on March 11, 2020 assessed COVID-19 as a pandemic. As of March 21, 2020, the Government of Canada reported 1,231 confirmed cases of COVID-19 in Canada, with 13 deaths. Worldwide, as of March 22, 2020, WHO reported 267,013 confirmed cases of COVID-19 and 11,201 deaths in 185 countries or territories.

“During this extraordinary time, the Government of Canada is taking strong action to help Canadian businesses as COVID-19 is affecting them, their employees and their families,” the Government of Canada said. The Government has urged all Canadians to stay home unless it is absolutely essential to go out, and to practice social distancing and good hygiene. “For businesses, this means facilitating flexible and remote work arrangements,” the Government said.

What Is Remote Work Arrangement?

Remote work arrangement allows workers to work from home whenever and wherever possible. This arrangement limits the number of workers on-site, thereby contributing to the efforts to contain the COVID-19 outbreak and prevent further spread.

Remote work, also known as telework, is nothing new. While remote work has been adopted by some sectors, this hasn’t achieved wide adoption. 

Based on the 2016 data from Canada’s General Social Survey (GSS), 2.3 million paid workers or 12.7% of the total workforce of Canada telework at least an hour a week. Out of the 2.3 million Canadians that telework, more than 500,000 workers work for more than 15 hours per week.

According to the 2016 GSS data, remote work in Canada is associated with occupations that are most connected to the knowledge economy, with 36% of workers in the management sector, 24.3% in the education sector and 21.7% in nature and applied science sector telework.

The sudden shift from office work to remote work arrangement as a way to contain and prevent further spread of COVID-19 has caught many employers and employees off guard.

Remote Work Challenges

In a remote work arrangement, there are 2 things that need protection: the devices (those used by the remote workers and those used by remote employers) and the communication link.

One of the challenges of remote work in light of the COVID-19 outbreak is the fact that many organizations are forced to allow their staff to use their personal desktops, laptops or mobile devices as organizations have been unprepared to issue official or organization-owned devices.

Allowing staff to use their personal computers is, in itself, a security issue. Some of the security issues arising from the use of personal computers include:

  • Unauthorized use of the device other than the remote worker. This includes family members or thieves in case of stolen computers; and
  • Outdated computers – those that no longer receive security updates from software vendors or failure on the part of the worker to apply security updates.

Organizations offering remote work arrangements are similarly faced with the same device security challenge. Organizations’ devices are at risk of unauthorized access from malicious insiders to malicious outsiders. Outdated computers, such as outdated server operating system, also pose a security threat not just to the organization concerned but also to remote workers allowed to remotely access the organizations’ devices.

Best Practices in Facilitating Secure Remote Work Arrangement

Here are some of the best practices in facilitating secure remote work arrangement:

1. Practice Network Segmentation

Network segmentation refers to the practice of dividing your organization’s network into sub-networks. This practice ensures that in case one sub-network is compromised, the other sub-networks won’t be affected.

For the security of your organization’s network, it’s important to prevent non-IT remote workers from accessing your organization’s network.

For IT remote workers, network segmentation is specifically important. The negligence or malicious actions, for instance, of one remote worker who has access to a certain sub-network, won’t affect the other sub-networks especially those sub-networks that are critical to the operation of your organization.

2. Use VPN

VPN, short for virtual private network, acts as a secure tunnel between two endpoints: the remote worker’s device and your organization’s server. For example, a remote worker can use this VPN to send encrypted data to your organization’s server.

It’s important to use multi-factor authentication for all VPN connections. Multi-factor authentication for all VPN connections is particularly important as login credentials (VPN usernames and passwords) are sought after by cyber criminals. VPN login credentials are often stolen via phishing campaigns – campaigns that trick remote workers to click on malicious links or attachments contained in malicious emails that masquerade as coming from legitimate sources.

Clicking on these malicious links or attachments could lead to the downloading on the remote worker’s device of a malware that steals VPN login details. The use of multi-factor authentication in all VPN connections renders the theft of login details useless.

3. Keep All Devices Up to Date 

Always keep your organization’s devices up to date by using devices that receive regular security updates, and by applying security updates in a timely manner. Applying security updates on server operating systems and VPNs should be the top priority.

Vulnerabilities in server operating systems and VPNs have in the past been exploited by malicious actors as these two are seen as gateways to victims’ networks.

On behalf of all staff we wish you and your families well. During these challenging times, we are ready to help those who needs assistance with minimizing IT and cybersecurity risks.

Need a few working remotely tips? Here are a few work from home productivity tips from our management team:

1. Dress for success

Even though you are working from home, always dress as if you were going to work. We found that it helps to set a proper mood and help motivation and demeanor.

2. Find a quite spot

Kids and pets are fun, and you need to be 100% focused on the task at hand to be productive. Every minute of distraction may set you back an hour.

3. Plan your day

Plan as if you were in the office. Keep your calendar up to date and let your co-workers know when you are available and when you are not to avoid scheduling conflicts.

4. Take breaks

Coffee breaks, and lunch are a must to stay rested and sharp. Even when you are working from home, your brain and your eyes still need rest.

5. Don’t check email

Well, most of us must check email, and we recommend checking your email twice a day to get more done. After all, if you are getting back to people the same day, it’s more than acceptable. If something is truly urgent, people will call you.

6. No social media

At least during business hours. Unless browsing social media is a part of your job, keep your mind focused and get more done.

7. Automate

Find the right apps and tools for your particular industry and spend the time automating as many menial tasks as possible. Many tools are free to use or cost very little yet save you a lot of time. If you don’t value your own time, no one else will.

Looking for cybersecurity and IT risk advice? Contact us today to speak with a cybersecurity expert. We offer complimentary advisory services to Canadian businesses of all sizes during the COVID-19 pandemic so that you and your organization remain safe.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit