What it could mean for Canadian companies?
It has been over a year now since a large number of Canadian knowledge workers – workers whose jobs involve handling or using information – started working from home. For some of us, it has been a dream come true – we have been able to wake up a little later, save an hour or more per day commuting to the office, and spend more time with family. Others however, miss the daily banter with their colleagues and the sense of a normal routine.
Overall, a lot of Canadian teleworkers workers seem to prefer a hybrid workspace, meaning the ability to work from home some days, and go into the office on others. Based on Stats Canada, eighty percent of current teleworkers indicated that they would like to work at least half of their hours from home once the pandemic is over.
Canadian companies are embracing the future of the hybrid working schedule and giving employees a choice in whether they have to return to the office. Deloitte Canada has already announced that they will give their staff total flexibility over where they want to work post-pandemic, and many companies are following suit. What will the hybrid workplace mean for Canadian companies?
The ability to source more diverse talent
Companies that give employees the flexibility from working from anywhere they’d like – office or home – will have the benefit of being able to recruit and hire the right talent from different cities or provinces in Canada, or diversify even further by recruiting globally. The benefits of expanding your talent pool outside of your city can include cost savings, hiring faster and diversification.
Less office space
Many companies will find that they will be able to fit their staff in half of the space they once used. Companies may start to lease out their office space, which will provide them with more capital to inject into other projects.
These companies may move away from traditional assigned offices and workspaces and focus on collaboration rooms where employees can come and go when they need to work from the office. Telus has announced that they will be incorporating a mix of coworking spaces, collaboration rooms and wellness stations as they give employees freedom to choose where they can work from.
A focus on Cybersecurity
Companies will need to focus on privacy and cybersecurity now more than ever. With the majority of employees working remotely, legal and private documents that normally would have been handled in person are being scanned and signed virtually. With the rise of DocuSign and similar software, paper copies have become a thing of the past in many organizations.
With a permanent shift towards remote work there exists a concern for how data is being accessed and stored. Companies may need to invest more in Cybersecurity infrastructure to ensure they remain privacy compliant for their clients, protect their employees and prevent data leaks.
The pandemic shifted our perception of what an office job should look that. One thing is certain; and it’s that remote work is here to stay for the majority of Canadian companies. Companies need to adapt and remain flexible to remain competitive and viable as they navigate through the new normal.
By: Joanna Ambros, MBA
Now that workplaces around the world are – more or less – functioning under some combination of remote work tools, a new set of security challenges has manifested itself. Cybersecurity risks like phishing scams, man-in-the-middle attacks, ransomware, evil twin attacks, passive sniffing, and many more cause even more sleepless nights for IT personnel tasked with maintaining their company’s security. But there might be light at the end of the tunnel with the concept of ‘Zero Trust’.
What is Zero Trust Security?
The Zero Trust concept focuses on the idea that an organization systematically refrains from automatically trusting anything inside or outside its perimeters. It might seem at first like this isn’t a great idea, but it is the foundation on which traditional security and access have been built. With a Zero trust strategy in play, everything must go through a rigorous verification process before any connection to its internal networks and programs can be permitted.
According to Charlie Gero, CTO of Enterprise, and Advanced Projects Group at Akamai Technologies, quoted in a 2018 CSO magazine article: Zero Trust boils down to “do not trust anyone.” In a nutshell, a Zero Trust solution creates “trust zones” that continuously identify, test and authenticate devices or users whenever they try to access resources on the internal company network. In a Zero Trust scenario, a hacker is barred from taking advantage of vulnerabilities.
Zero Trust was created by John Kindervag in 2010 when he was a principal analyst at research firm Forrester Research. Kindervag was part of Forrester’s security and risk team when he developed the Zero Trust model to expose the myth that internal networks were safe. One of Kindervag’s examples of how internal networks were vulnerable was with the American National Security Agency (NSA) whistleblower, Edward Snowden. Snowden had unfettered access to internal systems and stole classified documents, Kindervag said during a security roundtable hosted by Palo Alto Networks. Kindervag currently works for Palo Alto Networks. Snowden, as an IT contractor, did not ‘game’ or cheat the system. He simply used the access the (fundamentally flawed) system granted him.
Besides the Zero Trust strategy’s apparent data protection gains, one of the most significant benefits of the concept is that organizations can provide remote users with protected access to their organization’s applications with confidence. The converse applies equally, too – organizations can shut down access in a similarly efficient way.
An added advantage to Zero Trust is that organizations can significantly reduce the load on the VPN. It also increases the speed and ease of access to data, since Remote Desktop connections slow users down. During this COVID-19 pandemic with so many individuals working remotely, this could be a reliable solution to ease the stress on the system.
Zero Trust Deployment
Zero Trust may sound like an ideal solution during COVID-19 however, it is not an easy solution to implement. Organizations must adjust their IT budgets to accommodate a Zero Trust strategy since their current infrastructure may not be ready for it. A potential weak spot for Zero Trust maybe when a workforce uses personal computer equipment for business. The lack of endpoint security on those devices may trip up a Zero Trust environment. This will inevitably leave workers defenseless against a cyber-attack opening vital data to theft. However, solutions like Mobile Device Management facilitate a greater degree of control and will go some way to achieving a more secure position. These solutions, provided by Microsoft or JAMF, for example, solve this by automatically managing devices and deploying endpoint protection and encrypting the machines and assessing the devices for conditions of compliance before enabling further access.
Regardless if we’re in the middle of a pandemic or not, it’s never too late to get started formalizing a plan for Zero Trust. Implementing Zero Trust will take time, but organizations should consider starting with isolated trust zones, developing a pilot program, and selecting essential organization applications for remote access. As always, Jolera is here to help our partners on the journey to Zero Trust with our professional services and managed services like Manage IT and Secure IT Endpoint, offering 24/7 security and uptime for an organization’s environment.
The COVID-19 pandemic has disrupted our global economy and forced businesses to change the way they operate. The evolution of this virus and its socio-economic impact has made it difficult for many businesses to adapt their operations. However, through it all, Jolera has managed to maintain consistent and successful operations. We asked Jolera’s very own Chief Operating Officer, Manish Govindaraj, how the company managed to adapt and thrive during the global crisis while staying true to its people-first core values. Manish describes his team’s approach to enacting the company’s Business Continuity Plan (BCP), as well as their coordinated return to work strategy.
“For a business to continue operating under these situations of duress or crisis, you have to have an active and tested Business Continuity Plan. For us, as a SOC II Type II certified entity, we have been testing our BCP on a quarterly basis, not just because SOC II demands it, but also because it’s good business practice.” – Manish Govindaraj
According to Manish, the organization’s transition to remote operation meant balancing the safety of employees with the ideal productivity levels necessary to satisfy customers’ expectations. With hundreds of staff members operating globally, Jolera was identified as an essential service and aimed to “challenge ourselves to provide a seamless experience to our customers, as if nothing had changed,”. With hundreds of channel partners, thousands of end clients, and such depending on their services, company stakeholders recognized the importance of honouring commitments to both customers and employees alike.
“We are a true 24/7/365 entity, and that had to be held true while we were remote with all of our staff members. At the forefront of all of this was the importance to keep our employees safe, and as a result, keep our business safe.” – Manish Govindaraj
The company made the transition to total remote operation at the beginning of March, even before the government of Ontario declared a state of emergency. “We acted early, reducing the risk of exposing our staff members to the virus at the workplace; that was very important to us,” Manish reflected. In the best interest of employees, Manish led the initiative to remote operation with Jolera Inc’s Pandemic Response Team.
Together, they identified four key aspects to protect their people and their business:
1. Keep everyone safe
2. Deliver on customer mandates
3. Ensure operational security
4. Build a stronger Jolera community
Once employees safely transitioned to remote operation, the company introduced rigours to maintain and further improve productivity. Manish reported, “Through daily active management, collaboration and transparency through better reporting, we saw a Jolera community bond even closer together and a total rise in productivity.
As government-mandated restrictions began to ease around the world, businesses once again were challenged to transition their operations and safely re-open their doors. Before building any plan to re-open, Manish’s main objective was to create a sense of normalcy for workers in the physical office. With this goal in mind, Manish teamed up with Jolera’s Pandemic Response Team to build and execute a re-opening plan.
“We kept it somewhat simple. If you look at the government of Ontario’s plan, there are multiple phases, and we just distilled it down to two phases. In Phase 1, we begin operating our offices with a limited number of staff per location. This was to test physical distancing and safe practices at work. We did not put a number or target into play, simply because it was an elective approach where employees chose to be part of that phase and wanted to join back in the office. Phase 2 is going to be about returning to a sense of normal in alignment with guidance from our government.” – Manish Govindaraj
It was essential, to Manish, to source information from reliable government agencies when making decisions about opening the various offices across the globe. “Because we are so spread out and geographically dispersed, we had to factor in the diverse needs that existed based on where we were located geographically. The reality in Porto, Portugal, is very different from that of Toronto, Calgary or even Winnipeg.”
In addition to geographical diversities, local considerations unique to each building or operating site also had to be considered. Manish identified challenges associated with each operating site; “We needed to coordinate with building security and building management to ensure that our people could come in and start working.” Although prerequisites such as PPE, cleaning equipment and sanitization requirements were identified to ensure the offices were equipped to operate safely, individual employee considerations also needed to be accounted for.
“We made the decision not to include people who relied on public transit during Phase 1. Instead, we chose a subset of employees who would drive into work to limit their exposure to the public.” – Manish Govindaraj
Taking all of these factors into account, Manish identified, “the most important thing was to start building confidence among our people that we’ve taken the right actions in order to re-open our offices in a limited capacity.” Open communication and reviewing the plan with department leaders gave staff a full debrief of all the considerations that had been factored into building an executable return to work plan. Physical distancing and other new behaviours at the office have since been adopted to ensure that people are kept safe.
“When COVID-19 started surfacing as a distant threat, there was a lot of media hype about what it was, what it could be and where things could be heading. The narrative was morphing every day. As a leadership team, we agreed that we would look to government agencies and sources from within the governments of where our offices are located to guide our decisions and actions. We’ve been monitoring all of those sources for direction on what we needed to do relative to every point in time throughout this crisis. Whether it was before we invoked our BCP and Pandemic Plan or as we continue to monitor our evolving coordinated return to work plan, one size does not fit all – we had to tailor our plans according to the information that we were getting from the different government agencies.” – Manish Govindaraj
Manish credits Jolera’s readiness and resilience to the immensely talented and committed people within the organization.
“We had the comfort level going in [to remote operation] that our people can perform well remotely. We have a great team, and we have the right oversight and collaboration mechanisms in play. The team came together; they just fell right into the groove and delivered on their mandate. Overall, we are delivering on all the things that we need to deliver on, keeping both our customers and our teams satisfied.” – Manish Govindaraj
Many businesses have transitioned to a new operating model and are beginning to accept this new normal. With all the challenges facing our world today, one can assume that things will be different for a while. Organizations have begun to mobilize their workforce, and remote-work capabilities are becoming more flexible. Gone are the days when workers were tethered to a dedicated desktop and seated closely amongst their peers.
What does this mean for the security of organizations?
With an increased number of employees working off mobile devices such as laptops, tablets and mobile phones, users will often connect to unsecured networks to access work files. Without proper management of mobile devices, users are vulnerable to malicious attacks, and threat actors are ready to take advantage of this situation.
Here are three ways to help protect your remote workers and secure your organization’s data
1. Device Level Encryption
For many years, encryption has been a standard practice to help protect sensitive data from prying eyes. However, not all devices have device-level encryption settings turned on as a default. If you are an organization that is beholden to compliance, encryption helps to meet those requirements. With added endpoint security, you will have device management, centralized deployment, policy administration, and audit reporting capabilities for all devices associated with your network. This means that if a remote worker’s device becomes compromised, your company’s sensitive data will remain safe, and the infection will be isolated from the rest of your corporate network.
2. Managed Security
Security applications and devices, such as firewalls and Virtual Private Networks (VPNs), are an integral part of any layered security environment. Although these systems generally prevent unauthorized access to and from your network, the virtual alerts and threat identification that they provide usually remain unmonitored. To be effective, remote workers need to have confidence in their data protection systems when signing into their respective networks. Having 24/7 managed security affords your organization a more vigorous defence against potential threat actors. With Jolera’s layered managed security approach, your organization will have real-time alerting on threats filtered through our Security Information Event Management (SIEM) system. In addition to automated protection, live agents will analyze and remediate these threats through our Network Operations Centre (NOC) and Security Operations Centre (SOC).
3. Mobile Device Management
Mobile device management (MDM) enables organizations to ensure its remote workers’ data is always protected. The great thing about MDM is that it can integrate with services such as Office 365 and the Active Directory to control who has access and what they have access to within your network. MDM solutions also provide the ability to set rules and configure settings on personal devices to allow users to securely access company data and networks. MDM can deploy and authenticate apps on devices, both on-premises and remotely.
When deployed properly, MDM can increase the security of devices tenfold by pushing certificates to devices that are in the field, while preparing reports on these users and their devices for compliance purposes. It can also remotely wipe the device if it’s found that the device has been lost or stolen or deemed not in use by the organization.
Each of these security layers can help to protect sensitive data from breaches and threat actors. Managing a remote IT environment means that organizations require a 24/7/365 approach that includes monitoring, support, troubleshooting, maintenance, reporting and asset management for all end-user devices. The need for remote support and network security has become an essential part of business operations.
The curve may not be flat, but at many levels of government both in Canada and around the world, discussions about restarting the economy and reopening businesses are beginning. Strategies are starting to develop that will see people eventually get back to the office, stores, factories and other workplace locations they are used to going to for work.
As the new guidelines are developing, expect to see social or physical distancing and other forms of protective measures becoming a significant part of any get-back-to-work program.
What will these types of programs look like for organizations?
How can an individual who has spent the better part of March and all of April indoors begin to ready themselves for a return? Some clues can be found in the way other countries are dealing with the aftermath of COVID-19 lockdown.
In Austria, the aim was to start small and build from there. The European country only had small shops of 400 square meters open at first. These openings were under guard for security. Masks were mandated in these shops and on public transport. If the Austrian restart went well, then the country would look to open hotels, shopping malls and restaurants in two weeks.
Meanwhile, in Denmark, that country embarked on a more conservative staggered approach. What they wanted to do was avoid overcrowding in public areas and on public transit. The staggered approach also means people will be going back to work slowly and in different sections of the economy. Again, this is to avoid any mass gatherings.
The province of Ontario recently released its guide called “A Framework for Reopening the Province.” In this guide, the Government of Ontario’s goals are slightly different than those of Austria and Denmark. The Government of Ontario framework has the same overall priority, which is to protect the health and well-being of all its citizens. Ontario will have a focus on supporting healthcare workers, essential workers and businesses who have been working throughout the lockdown. Ontario will also have a staggered reopening approach, which will have three phases and between a two-to-four week evaluation period for each. You can read more about Ontario’s plan to reopen the province by clicking here.
Here are some tips to get yourself ready
Physically going back to work should start with you. Do your self-assessment to see if you are well enough to venture back to the office, shop or factory floor. If you are sick or not at 100 percent, inform your manager or company human resources professional and stay at home. Chances are you have not been tested for the Coronavirus. And, more than likely do not have the virus, but coming in with the sniffles will not lead to co-worker confidence in that the workplace is safe. Do your self-check, and don’t take any chances.
2. Spacious and clean work areas
Social distancing will continue in the workplace. Expect to be two metres or six feet from the next person. This will impact the lunchrooms and company lounges across the country. Don’t be surprised if they are closed off entirely. Expect to get staggered lunchtimes for employees and capacity levels, similar to what supermarkets are doing today. If you are in operations, it might be a good idea to review the current floor plan. Also, don’t be surprised to see shift cycles of being at home and work in workplaces with limited space. This means you might be working in the office on Monday but at home Tuesday. And, you will be asked to clean your area before you leave for the day thoroughly. And, if you keep a photo of your kids at your workstation, you may be asked to remove it. Overall work environment cleaning will increase dramatically and may occur during the workday.
3. Call ahead in-person meetings
Many great ideas got started around the water-cooler. Water cooler collaboration will not return immediately. And, the water-cooler may not even be available when you return. At least not right away. If you have a thought that you want to share with a co-worker, you’ll be asked to give that person a heads up electronically either via email or some other collaboration app before you walk over to that other person’s work area to brainstorm if allowed at all.
4. Workplace shifts
Government-imposed mandates on limiting the number of people in groups will have its place in any return to work policy. Get ready to have more Teams, Zoom, and WebEx sessions, while you are at the office. Do not be alarmed if your favourite co-worker is not at work when you arrive. There might be a return to work order where you will be placed in a shift. There will be several situations that arise where an individual will feel unsure of themselves returning to work after the COVID-19 restrictions are lifted. Employers will have very little choice but to accommodate them, especially early on.
5. Conference room capacity
Meeting rooms will have capacity limits. Those limits will be posted on the door. You may be asked to join a meeting inside your own office via a Teams, Zoom or WebEx session. If you do use the room, you will be asked to clean the room and wipe it down immediately afterwards. This will pose a unique challenge to in-person meetings with guests, and you may need to co-ordinate more online sessions. What could lead to an awkward situation is having guests go through a temperature scanner before they enter the boardroom. If your company or organization currently does not have any video conference technology, you may have to invest in a solution to have the use of meeting rooms.
6. Proper hand hygiene
Don’t be surprised to see several hand sanitization stations throughout your workplace, especially at entrances. Also, your organization will ask you to sanitize your hands before entering any area of the office, factory floor or retail space. Currently, people are wearing gloves to go to the supermarket. Gloves may not be appropriate for your working environment, but you can envision a situation where you may have to ask patrons or guests of your workplace to sanitize their hands before entering.
As you prepare yourself for a physical return to your previous workplace, do not expect the old norm, we’ll have to adjust to a new norm. As with all these decisions, organizations must take, they must be cautious and well thought out to protect the health and safety of their employees. Here at Jolera, we’re here to help with any concerns about organizing your company’s return to work. You can contact us anytime, and we hope you are staying safe and healthy.
With remote workers reaching unprecedented levels during the COVID-19 pandemic, strengthening Wi-Fi access points and the devices that access them is becoming a necessity. Unfortunately, very little thought has been given to Wi-Fi in the security landscape leaving many people vulnerable to hackers. Before the onset of the COVID-19 pandemic, people were using public Wi-Fi for collaborating with co-workers, outside suppliers and customers, along with friends. What made public Wi-Fi so useful was that it was widely available and, more importantly, free. As of last year, there were a total of 362 million public Wi-Fi hotspots available around the globe.
Know the types of Wi-Fi attacks to watch out for.
The most often used attack for WIFI is called Man-in-the-middle. Hackers use Man-in-the-middle to intercept data packets as they travel from the person’s computer to the WIFI network. Think of this as cyber-eaves dropping. The hacker has access to your files and can view your messages. For a man-in-the-middle attack to work, the hacker needs to be in the range of an unencrypted WIFI access point. Or has set up a rogue WIFI access point that the unsuspecting person signs in on.
Do you ever go into a Starbucks to work? You check for free WIFI, and you see two Starbucks access points available. You don’t give it a second thought and click on the wrong one. Well, that’s an Evil Twin situation, were the access point that looks legitimate, but isn’t.
One of the more famous Evil Twin attacks happened during the 2016 Republican National Convention, where 1,200 attendees connected to the IVOTETRUMP! Hotspot.
AirCrack, Passive Sniffing, Cowpathy and many more…
To prevent remote workers from these types of attack methods, what’s needed is to look at security more holistically. Many people, especially during this unique time, are unaware of the risks of using unsecured Wi-Fi. The organizations that these people work for also fail to take the proper precautions to protect remote workers wherever they are located and the data they access.
Ways to Protect Your Data
- Secured Wi-Fi As-a-Service
- Endpoint Protection
- Firewalls (Virtual / Physical)
- SIEM (Security Information & Event Management)
Organizations need to think of the whole picture instead of letting their deployed devices out in the wild. Data should be protected behind a Firewall, the devices accessing the data should be monitored and protected with endpoint protection. Instead of installing an access point and walking away, think of WIFI-as-a-Service, that includes a wireless access point but does much more such as advanced security information and event analysis, real live threat detection and remediation.
Each step taken builds upon your organization’s security posture and keeps both your users and your data safe and secure.