Difference between revisions of "Secure Remote Working - Overview"
Line 48: | Line 48: | ||
Employees should always use department-sanctioned tools for collaboration with colleagues, starting with Microsoft Teams (at Protected B if your departmental tenancy has been accredited to that level, or unclassified otherwise), then moving to other sanctioned tools such as GCTools or WebEx. If those options aren’t available, then the [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=27122 Policy on Acceptable Network and Device Use] does allow usage of public cloud tools such as Slack, Zoom or Google Hangouts for '''unclassified''' work only. However, there are some privacy issues that need to be recognized before using these applications. It is important to remember that these applications are <u>never</u> to be used for any sensitive or classified work. | Employees should always use department-sanctioned tools for collaboration with colleagues, starting with Microsoft Teams (at Protected B if your departmental tenancy has been accredited to that level, or unclassified otherwise), then moving to other sanctioned tools such as GCTools or WebEx. If those options aren’t available, then the [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=27122 Policy on Acceptable Network and Device Use] does allow usage of public cloud tools such as Slack, Zoom or Google Hangouts for '''unclassified''' work only. However, there are some privacy issues that need to be recognized before using these applications. It is important to remember that these applications are <u>never</u> to be used for any sensitive or classified work. | ||
− | Settings and features that can help keep | + | Settings and features that can help keep teleconferencing secure are: |
*Disable guest screen sharing | *Disable guest screen sharing |
Revision as of 14:43, 3 April 2020
Overview and User Considerations | Technical Considerations | Secure Use of Collaboration Tools |
---|
What is Teleworking?Teleworking by definition is an arrangement between an employee and the employer in which the employee does not commute to their physical work space, but can use the internet and other digital mediums to complete work. With recent events, teleworking has become more popular than previously before and will continue to get more popular as technology evolves. Threats and Challenges posed by TeleworkingBy connecting via the internet to potentially classified or sensitive applications or data, there are threats to the safety and security of that information. Security issues may include:
For more information please see the references section. Recommended Security MeasuresIt is important to realize that because Teleworking uses the internet for connectivity, it may be a target for compromise. That being said, some helpful measures that employees can take to keep information secure are: Device Considerations
Service ConsiderationsSome general things to consider when using these applications include:
Privacy and Security of Collaborative ToolsEmployees should always use department-sanctioned tools for collaboration with colleagues, starting with Microsoft Teams (at Protected B if your departmental tenancy has been accredited to that level, or unclassified otherwise), then moving to other sanctioned tools such as GCTools or WebEx. If those options aren’t available, then the Policy on Acceptable Network and Device Use does allow usage of public cloud tools such as Slack, Zoom or Google Hangouts for unclassified work only. However, there are some privacy issues that need to be recognized before using these applications. It is important to remember that these applications are never to be used for any sensitive or classified work. Settings and features that can help keep teleconferencing secure are:
SlackWhen using a paid license of the application, a feature is unlocked that allows HR and management personnel to export ALL chats. Not only can group chats be exported but also chats that are between you and a colleague that is sent in a private chat. This feature cannot be enabled in the free license. It is important to note that Slack does store data regardless of the license, including after 10,000 messages in the free version. Slack also retains data such as links, passwords, usernames and chats, however does have options to customize policies on data retention. ZoomZoom has a feature that tracks attention to the webcam in order to see who is actively in the video chat. If a presenter is sharing their screen and a user minimizes the window or leaves their device, a notification will be sent to the meeting hosts. It should be noted that Zoom does not record activity on the device nor does it capture video with this setting. When a meeting is created, Zoom generates a seemingly random ID that is 9 to 11 digits long. For someone with computing resources, this can easily be cracked allowing malicious actors to join the call. For more information on how to create a Zoom conference, please see the guide in the references section or click here. Google HangoutsGoogle hangouts does indeed require a Google account. It is best to use a work account if possible, to avoid details being linked together exposing private interests, and personal activity online when using that Google account. Details such as names, phone numbers, usernames and other information can be pieced together which can be exposed as a single entity in order to exploit other personal information and interests. Google stores images that have been sent through hangouts to a public url, meaning anyone can technically see the image provided they have the correct url. Another issue with Hangouts is that it does not feature "end-to-end" encryption. In simple terms, it is only encrypted when it is being sent. This opens the door for eavesdropping on chats as well as Google having visibility on messages. ReferencesDocumentation
Collaborative Tool References
|