802
edits
Changes
Secure Remote Working - Overview (view source)
Revision as of 10:25, 20 July 2020
, 10:25, 20 July 2020→Documentation
{| class="wikitable" style="align:center; border-top: #000000 2px solid; border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1125px"
{| class="wikitable" style="align:center; border-top: #000000 2px solid; border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1125px"
|-
|-
! style="background: #2e73b6; color: red" width="250px" height="40px" scope="col" |[[Secure Remote Working |Overview and User Considerations]]
! style="background: #2e73b6; color: red" width="250px" height="40px" scope="col" |[[Secure Remote Working - Overview|Overview and User Considerations]]
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Teleworking Technical Considerations|Technical Considerations]]
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Remote Work Technical Considerations|Technical Considerations]]
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Use of Collaboration Tools|Secure Use of Collaboration Tools]]
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Use of Collaboration Tools|Secure Use of Collaboration Tools]]
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Remote Working - Device Considerations|Secure Remote Working - Device Considerations]]
! style="background: #2e73b6; color: white" width="250px" height="40px" scope="col" |[[Secure Remote Working - Device Considerations|Device Considerations]]
|}
|}
{| style="width:1125px;"
{| style="width:1125px;"
|Employee has an office but works from somewhere else.
|Employee has an office but works from somewhere else.
|}
|}
==Duty to Document==
Under the [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Directive on Service and Digital], employees are '''required''' to document their activities and <u>decisions of business value</u>. If any activities or decisions of business value are made while using department-approved or public cloud tools, then these must be captured (e.g., in a Word document) and saved in a departmental corporate repository (e.g., GCdocs) as soon as possible.
For more information, click [https://www.canada.ca/en/government/publicservice/covid-19/managing-government-information-working-remotely.html here].
==Threats and Challenges posed by Remote Working==
==Threats and Challenges posed by Remote Working==
Another issue with Hangouts is that it does not feature "end-to-end" encryption. In simple terms, it is only encrypted when it is being sent. This opens the door for eavesdropping on chats as well as Google having visibility on messages.
Another issue with Hangouts is that it does not feature "end-to-end" encryption. In simple terms, it is only encrypted when it is being sent. This opens the door for eavesdropping on chats as well as Google having visibility on messages.
===Cisco Webex===
Cisco Webex is the official enterprise teleconferencing solution for the Government of Canada offering dial-in call, video teleconferencing and messaging services across smartphones, tablets, and laptops. It is maintained by Cisco and supported by departments within the government for a more tailored solution. Although approved for use, best practices should be followed as if Cisco Webex was a non-managed third party app. It is important to remember that Cisco Webex is for UNCLASSIFIED use only. Some best practices when using Cisco Webex include:
*Not sharing PIN with those outside the meeting invite list.
*Set the room to lock when the meeting starts. This feature enables you to screen users that are requesting to join when the meeting starts.
*Require an account to be used with Webex.
*Accounts should be protected with a strong password/passphrase and two-factor authentication.
*Secure meetings with strong PIN/Password.
*Use entry/exit tone and announce name features.
*Avoid using the "Share Screen" feature. Instead, use "Share Application".
==Questions and Contact Information==
For questions and other enquiries please email [mailto:ZZTBSCYBERS@tbs-sct.gc.ca TBS-Cyber Security].
== References ==
== References ==
*[https://wiki.gccollab.ca/images/2/28/Guidance_for_the_Secure_Use_of_Collaboration_Tools.pdf Guidance For the Secure Use of Collaboration Tools - TBS]
*[https://wiki.gccollab.ca/images/2/28/Guidance_for_the_Secure_Use_of_Collaboration_Tools.pdf Guidance For the Secure Use of Collaboration Tools - TBS]
*[https://wiki.gccollab.ca/images/4/4e/Orientation_sur_la_facilitation_de_l%E2%80%99acc%C3%A8s_aux_services_Web.pdf Orientation sur la facilitation de l’accès aux services Web - SCT]
*[https://wiki.gccollab.ca/images/4/4e/Orientation_sur_la_facilitation_de_l%E2%80%99acc%C3%A8s_aux_services_Web.pdf Orientation sur la facilitation de l’accès aux services Web - SCT]
*[https://www.cisa.gov/sites/default/files/publications/CISA_Video_Conferencing_Tips_S508C.pdf Video Conferencing Tips - CISA]
===Collaborative Tool References===
===Collaborative Tool References===
*[https://onezero.medium.com/slack-zoom-google-hangouts-are-your-remote-work-apps-spying-on-you-cf1e33809cf7 Slack, Zoom, Google Hangouts: Are Your Remote Work Apps Spying on You?]
*[https://onezero.medium.com/slack-zoom-google-hangouts-are-your-remote-work-apps-spying-on-you-cf1e33809cf7 Slack, Zoom, Google Hangouts: Are Your Remote Work Apps Spying on You?]