Jump to: navigation, search

Secure Use of Collaboration Tools

3,572 bytes added, 08:04, 24 April 2020
no edit summary
{| class="wikitable" style="align:center; border-top: #000000 2px solid; border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1125px"
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Teleworking Remote Working - Overview|Overview and User Considerations]]! style="background: #2e73b6; color: redwhite" width="250px" height="40px" scope="col" |[[Secure Teleworking Remote Work Technical Considerations|Technical Considerations]]! style="background: #2e73b6; color: whitered" width="250px" height="40px" scope="col" |[[Secure Use of Collaboration Tools|Secure Use of Collaboration Tools]]! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Remote Working - Device Considerations|Device Considerations]]
{| style="width:1125px;"
| style="backgound:#2e73b6;width:1000px;text-align:left;weight:normal;" scope="col" |
==Heading 1Background==The Government of Canada’s (GC) [ Policy on the Acceptable Network and Device Use (PANDU)] recognizes thatopen access to modern tools is essential to transforming the way public servants work and serve Canadians.This policy requires that public servants have open access to the Internet, including GC and external tools andservices that will enhance communication and digital collaboration, and encourage the sharing of knowledgeand expertise to support innovation.
Collaboration tools allow public servants to build and maintain interactive dialogue with the communities they
serve. Examples include sites such as Twitter and LinkedIn; online presentation sharing tools such as Prezi or
SlideShare; and real-time discussion tools such as Slack, to name a few.
==Heading 2Considerations==By connecting via From an IT Security standpoint, connections to external tools and services carry the same risks as other connections to theinternet to potentially classified or sensitive applications or data. However, there are threats to departments should take into account that usage of these sites may require some form of identification of the safety individual and security of that informationconsequently, their association with an organization (e.g. a GC department or agency).
Security issues may includeDepartments should consider the following:*Lack of physical security - devices can be stolen, drives can be copied, or people can shoulder surf.*Unsecured Networks - connecting on networks that are unsecured such as cafe, hotel and other open public networks are easy targets for exploitation. *Providing Internal Access Externally - servers will be facing the internet therefore increasing the potential risk and vulnerability of being compromised.*Out of Date Software - When using personal devices system updates and patches cannot be guaranteed.
==Heading 3==*Posting of information on external tools and web services will likely divulge the origin of the information;As *All information posted on the internet, regardless of the employee will amount of time it is available, is effectively permanently recorded. There are no control provisions for any information once posted;*The nature of external tools and web services like social networking sites makes them appealing targets for malicious exploitation. These sites are inherently prone to malicious users providing links to malware content that can propagate to a department’s infrastructure; *Content on external tools such as Trello, Slack etc. may be connect via stored on servers located outside Canada thus the internet content along with associated user metadata can be monitored by non-Canadian and /or third party products, services or businesses;*Everything that is shared using external tools and web services could be subject to Access to Information and Privacy (ATIP). Public servants must ensure that information related to potentially classified data the mandate of the organisation and applications it /or contains decisions on government activities is important that measures properly captured and managed, following information management best practices; and *Public servants are taken encouraged to reduce verify data retention requirements when using external tools, in accordance with the risk of a security breach[ TBS Policy on Information Management].Some externally provided tools will retain your information even after you have deactivated your account
==Do's and Don'ts==
{| class="wikitable"
|Protect your identity by using privacy settings on all tools and devices, and limit the amount of information you provide on your profile page.
|Never share protected or sensitive information, unless you have express consent from your departmental information technology group.
|Use strong authentication mechanisms (for example, multi-factor authentication) where possible to protect from unauthorized access and enable auto-lock of your device.
|Open unsolicited links, attachments, or when prompted to install any software. If you don’t know the sender or were not expecting to receive a link or attachment, think twice before opening.
|Use unique passwords for every account, especially separate passwords for personal and work accounts.
|Do not re-use the same passwords that are used for your internal corporate credentials.
|Be conscious of what you are sharing and with whom and assume that everything you share could be made public
|Use caution and avoid using untrusted networks or free Wi-Fi.
|Use modern operating systems and web browsers that are maintained with up-to-date software and configured with appropriate hostbased protections.
|Never post or share passwords or credentials on web services and tools
|Report any suspicious activity or security incidents so that your departmental security team can address the issue.
|Do not ignore SSL certificate errors and unsecure (e.g. HTTP) websites
== References ==
*[[:enémarrage_pour_participer_un_appel_ZoomGuidance_for_the_Secure_Use_of_Collaboration_Tools.pdf|Guide de démarrage pour participer un appel Zoom - FR]Guidance for the Secure Use of Collaboration Tools]

Navigation menu