We live in a time when the idea of the public sector workforce staying connected and being productive anywhere is no longer a benefit; it’s a necessity.

Historically, government departments and agencies have offered remote work options both as a way to attract and retain top talent, and as a competitive differentiator that enabled agility. Additional benefits of this flexibility include operational resiliency and workforce continuity. 

More importantly, remote work options have served to prepare these entities for extraordinary events – such as a blizzard, fire, or pandemic – that have the potential to keep employees from reaching or accessing physical offices and facilities. 

With remote work options, it is crucial that public sector leaders recognize the need to strengthen their organization’s security posture and establish the right levels of threat visibility and response to support and secure remote workers effectively – in essence, driving a proactive strategy to stay ahead of threats in an effort to minimize their impact on mission-critical services and operations.

Today, these efforts are more urgent as large numbers of the public sector workforce continue to adapt to the sudden, massive shift to a work-from-home/remote office model brought about by the impacts of the ongoing global health crisis.

While digital technologies support the productivity of these workers, inherently there are more risks – and threat actors recognize these opportunities. Accordingly, they are taking advantage of this shift, accelerating their efforts to identify and exploit new security vulnerabilities in these remote office environments. 

A confluence of factors – including the increased use of personal devices, older hardware, unpatched software, unsecured networks, and a general lack of standard security policies and tools – makes remote environments susceptible to malicious tactics including spear phishing and malware, as well as to human error and digital exposure through unsecured Wi-Fi connections.

Clearly, more security management vigilance and safeguards need to be in place to address some common considerations for a remote workforce and the related potential security pitfalls:

  1. Level of Security Awareness
    Not all employees have the same level of security awareness; in other words, not every employee is a security expert. A lack of knowledge or understanding can result in behaviour that unintentionally introduces cyber risk as employees connect to corporate assets. New methods, such as targeted phishing attempts and unencrypted communication of sensitive information, can confuse and encourage users to open pathways to the organization. The impacts are exacerbated by the current crisis: with more employees working remotely, criminals are thriving.
  2. Shared Device
    It is reasonable to assume that when working from home, employees might share work devices and computers with family members. It is less reasonable to assume that family members will know, follow, and practice the good security hygiene implemented by the organization. For example, connecting an unknown USB drive or cable to a company-issued device can result in direct hacking and/or the injection of malware.
  3. The Home Network
    Connecting from a home network introduces risk, since there is no standard configuration for access technologies such as Wi-Fi. Additionally, employee devices are sharing the same access point with other connected personal devices and IoT devices such as webcams, smart home devices, and home printers. These devices typically do not have the latest security patches installed (again, the users are not security experts), creating additional risk and a potential point-of-entry into the remote environment – and ultimately posing a risk to the organization.
  4. Reach of Corporate Security Controls
    Proxy servers, mail filters, IPS/IDS, and other corporate solutions may not play as significant a role in stopping threats when employees connect from outside of the corporate office environment. Also, if an employee’s work device is BYOD, it may not have the same security protections as a company-issued laptop, tablet, or phone. With multiple employees accessing systems and applications remotely and at the same time, user and entity behaviour analytics (UEBA) tools may have trouble establishing a new baseline for “normal behaviour” for each user, thereby reducing the tool’s ability to recognize atypical behaviour that may compromise the organization’s systems.
  5. Hardened Devices
    Ensuring that a corporate-issued device remains patched and updated, and that antivirus and other security tools have the latest signature updates, are ways to close security gaps, thereby hardening the device against exploitation by criminals. These efforts, though, can be more challenging to implement with remote or dynamic workforces. Software patching, for instance, typically occurs during off-hours. Employees who deviate from the standard 9-to-5 workday to accommodate childcare, eldercare, and other responsibilities may cause security updates to be delayed or paused, leaving security gaps unaddressed.

Extending Visibility to the Dynamic Workforce

A virtual public sector workforce changes everything. Remote work poses new security challenges and alters the way an agency’s security team handles day-to-day access and how it narrows in on potential insider threats, among other considerations.

As we discussed in the previous section, there are common characteristics of a remote workforce that introduce new attack vectors. When these vulnerabilities – both system and human – are exploited by malicious actors, they can act as a path back to the agency’s network.

Ongoing employee education and visibility are the best defences against these and other new risks – and should extend from the agency’s internal infrastructure to each endpoint. 

While user education can continue remotely, visibility into remote environments poses more of a challenge. 

RSA offers the following six recommendations for gaining visibility into the risks presented by a remote workforce: 

  1. Combine traditional log monitoring with capturing and monitoring network packets to see how threats are traversing the network – from user device, across the network infrastructure, and to the cloud. This includes VPN links and any other external entry point into the corporate network.
  2. Monitor activity across all endpoints, on and off the network, for deep visibility into their security state, and properly prioritize alerts when there is an issue. 
  3. Enhance rule-based or signature-based threat detection with the addition of advanced machine learning through UEBA and endpoint behaviour analytics to recognize anomalies that could indicate malicious intent and threats.
  4. Streamline the activities and processes across security teams to get to the heart of a problem quickly and efficiently. When an incident is recognized, a fast response provides a better chance to stop it before resources can be fully exploited.
  5. Understand both context and threat intelligence in order to increase detection capabilities based on known indicators of an identified attack and/or threat actor. 
  6. Use technology tools to automate monitoring and response to mitigate incidents before they impact the entity.

Conclusion

While remote work options have been in place, the impacts of the ongoing global health crisis have brought about an unprecedented shift in how – and where – we work. 

The resulting sudden, massive shift to a remote workforce has brought into focus the potential risks, and the need for the leaders of Canadian public sector entities to strengthen their organizations’ security posture. By establishing the right levels of threat visibility and response, leaders can support and secure remote workers effectively – and minimize the impact of threats on the organization.