Canadian Government Executive - Volume 26 - Issue 04

10 / Canadian Government Executive // September/October 2020 PERSPECTIVE SPONSORED CONTENT A confluence of factors – including the increased use of personal devices, older hardware, unpatched software, unsecured networks, and a general lack of standard security policies and tools – make remote environments suscep- tible to malicious tactics including spear phishing and malware, as well as human error, and digital exposure through un- secured Wi-Fi connections. Clearly, more security management vigilance and safeguards need to be in place to address some common consid- erations for a remote workforce and the related potential security pitfalls: 1. Level of Security Awareness Not all employees have the same level of security awareness, in other words, not every employee is a security expert. A lack of knowledge or understanding can result in behaviour that unintentionally Security Considerations for the Dynamic Workforce W e live in a time where the idea of the public sector workforce staying con- nected and being produc- tive anywhere no longer is a benefit, it’s a necessity. Historically, government departments and agencies have offered remote work options both as a way to attract and retain top talent, and as a competi- tive differentiator that enabled agility. Additional benefits of this flexibility in- clude operational resiliency and work- force continuity. More importantly, remote work options have served to prepare these entities for extraordinary events – such as a blizzard, fire, or pandemic – that have the poten- tial to keep employees from reaching or accessing physical offices and facilities. It is crucial with remote work options that public sector leaders recognize the need to strengthen their organization’s security posture and establish the right levels of threat visibility and response to support and secure remote workers ef- fectively – in essence, driving a proactive strategy to stay ahead of threats in an ef- fort to minimize their impact on mission- critical services and operations. Today, these efforts are more urgent as large numbers of the public sec- tor workforce continue to adapt to the sudden, massive shift to a work-from- home/remote office model brought about by the impacts of the ongoing global health crisis. While digital technologies support the productivity of these workers, inher- ently there are more risks – and threat actors recognize these opportunities. Accordingly, they are taking advantage of this shift, accelerating their efforts to identify and exploit new security vulner- abilities in these remote office environ- ments. introduces cyber risk as employees con- nect to corporate assets. New methods, such as targeted phishing attempts and unencrypted communication of sensitive information can confuse and encourage users to open pathways to the organization. The impacts are exac- erbated by the current crisis: with more employees working remotely, criminals are thriving. 2. Shared Device It is reasonable to assume that when working from home, employees might share work devices and computers with family members. It is less reasonable to assume that family members will know, follow, and practice good security hy- giene implemented by the organization. For example, connecting an unknown USB drive or cable to a company-issued device can result in direct hacking and or the injection of malware. of the New Public Sector in Canada