Difference between revisions of "Secure Use of Collaboration Tools"
Line 35: | Line 35: | ||
*Public servants are encouraged to verify data retention requirements when using external tools, in accordance with the [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12742 TBS Policy on Information Management]. Some externally provided tools will retain your information even after you have deactivated your account | *Public servants are encouraged to verify data retention requirements when using external tools, in accordance with the [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12742 TBS Policy on Information Management]. Some externally provided tools will retain your information even after you have deactivated your account | ||
− | == | + | ==Do's and Don'ts== |
+ | {| class="wikitable" | ||
+ | |+ | ||
+ | !Do's | ||
+ | !Don'ts | ||
+ | |- | ||
+ | |Protect your identity by using privacy settings on all tools and devices, and limit the amount of information you provide on your profile page. | ||
+ | |Never share protected or sensitive information, unless you have express consent from your departmental information technology group. | ||
+ | |- | ||
+ | |Use strong authentication mechanisms (for example, multi-factor authentication) where possible to protect from unauthorized access and enable auto-lock of your device. | ||
+ | |Open unsolicited links, attachments, or when prompted to install any software. If you don’t know the sender or were not expecting to receive a link or attachment, think twice before opening. | ||
+ | |- | ||
+ | |Use unique passwords for every account, especially separate passwords for personal and work accounts. | ||
+ | |Do not re-use the same passwords that are used for your internal corporate credentials. | ||
+ | |- | ||
+ | |Be conscious of what you are sharing and with whom and assume that everything you share could be made public | ||
+ | |Use caution and avoid using untrusted networks or free Wi-Fi. | ||
+ | |- | ||
+ | |Use modern operating systems and web browsers that are maintained with up-to-date software and configured with appropriate hostbased protections. | ||
+ | |Never post or share passwords or credentials on web services and tools | ||
+ | |- | ||
+ | |Report any suspicious activity or security incidents so that your departmental security team can address the issue. | ||
+ | |Do not ignore SSL certificate errors and unsecure (e.g. HTTP) websites | ||
+ | |} | ||
== References == | == References == | ||
*[[:en:images/0/09/FR_-_Guide_de_démarrage_pour_participer_un_appel_Zoom.pdf|Guide de démarrage pour participer un appel Zoom - FR]] | *[[:en:images/0/09/FR_-_Guide_de_démarrage_pour_participer_un_appel_Zoom.pdf|Guide de démarrage pour participer un appel Zoom - FR]] | ||
|} | |} |
Revision as of 12:52, 30 March 2020
Overview and User Considerations | Technical Considerations | Secure Use of Collaboration Tools |
---|
BackgroundThe Government of Canada’s (GC) Policy on the Acceptable Network and Device Use (PANDU) recognizes that open access to modern tools is essential to transforming the way public servants work and serve Canadians. This policy requires that public servants have open access to the Internet, including GC and external tools and services that will enhance communication and digital collaboration, and encourage the sharing of knowledge and expertise to support innovation. Collaboration tools allow public servants to build and maintain interactive dialogue with the communities they serve. Examples include sites such as Twitter and LinkedIn; online presentation sharing tools such as Prezi or SlideShare; and real-time discussion tools such as Slack, to name a few. ConsiderationsFrom an IT Security standpoint, connections to external tools and services carry the same risks as other connections to the internet. However, departments should take into account that usage of these sites may require some form of identification of the individual and consequently, their association with an organization (e.g. a GC department or agency). Departments should consider the following:
Do's and Don'ts
References |