Sergey Ozhegov, CEO at SearchInform, a risk management solution provider represented in the MENA region, discusses the key issues companies are currently facing.
As many businesses are observing the 24-hour curfew in Dubai now, prolonged curfew in Saudi Arabia, moving 80% of workforce to remote work in Qatar, employers are asked to provide their team with all the needed gadgets for working from home and ensure secure remote communication between an employee and a company.
Remote work poses some questions whereas remote work from home can become a problem if there are no proper controls in place and a company never implemented employee monitoring software within the corporate perimeter.
Cybersecurity is threatened and the number of attacks can rocket as remote employees trying to connect to the corporate system are like a bait for a hacker.
Delivery, telecoms, online services, digital media will be both the most targeted and the busiest sources. The Internet providers, telecommunication companies are now embracing extra demand and dealing with an overload, they appear to be on the roll as many people have to self-isolate.
Zoom security has already been compromised as well as some Google communication apps.
Remote access software sales will be increased. Specially those companies which are new to monitoring remote teams and remote management are now showing an escalating concern and demand for the products that can ensure the fastest implementation requiring as little efforts as possible in urgent situation. Barracuda Networks security software provider captured the surge of phishing attacks building up on the current healthcare situation.
Besides monitoring tools there has been the rising demand for conference systems and VoIP.
The frequency of such searches as “time tracking app” and “time tracking software” keeps increasing as project management as well as project risk management go through the delicate relocation stages, all the established processes and policies need to be reconsidered.
Digital workplaces, centralised application management system, security solutions for devices have grown in demand. Although cloud servers and cloud security solutions have been growing in popularity, even more organisations have been shifting to cloud storages these days.
When we think of number one services to go remote and make our work stride along, we mention such instruments as remote access software, VoIP, time tracking applications, cloud solutions, hardware and video conferencing equipment, security solutions for personal devices, VPN and many more. As VPN is definitely the number one tool for businesses going remote, let’s have a look at what should be regarded:
- The need for additional bandwidth
- Service availability monitoring is configured
- Stronger control of the increased data traffic
If you have already implemented information security and risk management solution in your company, make sure that:
- remote employees, who are working with corporate laptops with installed monitoring software, have all the data transferred via the Internet using port forwarding on a proxy server
- employees, who work with their own devices at home, connect to a terminal server or VDI with the installed software which transfers data to the server of the solution you chose to protect your system
Remote work might raise concern regarding personal data issues. Customer data will still have the same security policies for a company to comply with, whereas employee confidential information can be exposed more than it gets at the workplace. Employers will have to rethink the limits in their monitoring practices, in case employees are using their own laptops and smartphones for work purposes the privacy of staffers should be ensured. That is why it is so important that the data transfer channels are decided on and the communication “protocol” is respected, both employers and employees should be subordinate to automated control guaranteed by monitoring solutions.
Some services take the lead as many companies aren’t too much enthusiastic about deploying a new product and learning to implement it opting for professional support of technology brands offering services with their own remote specialists.
The elaborate business network which usually includes a number of third parties, contractors, vendors and suppliers poses an extra threat to cybersecurity. Even if you provided your corporate system with a proper monitoring solution your partners might have a different approach lacking thoroughness. In this case access control system and access management becomes central.
DoorDash, T-Mobile and Marriott had to deal with a data breach due to third-party security issues.
One of the problems which should be tackled is the amount of devices from which a user can connect to corporate assets. Employees often have laptops allocated to them at the workplace but when they work from home or anywhere outside the office they might use as many personal devices as they want if their employers allow access from private laptops or smartphones. In case no specific device usage guidance or governance is in place then a company might want to consider introduction of some rules.
You should also keep in mind that an employee can have a weak Wi-Fi password at home, use free Wi-Fi anywhere else or simply disregard security measures which are usually taken at work, visit unsafe and suspicious websites, install harmful software, etc.
Remember to maintain a specific approach to user performance and safety while working at home as it differs from productivity and information security issues in the workplace:
- Employees can work fewer or more work hours, their workday might start early in the morning while someone will be working till late, time tracking software can be indispensable in many companies.
- Remind the team that confidential information should be kept hidden from friends and relatives who live with them at home. If your staff members prefer to work with their own devices, personal laptops, smartphones, ask them to be watchful about their gadgets.
UEBA technology is responsible for human factor negating, user behaviour can change as an employee might feel more carefree or negligent outside the office. The technology detects suspicious activity such as abnormal amount of emails sent or implausible event sequence pointing at possible access sharing.
Integrated DLP is a selective solution for specific needs, you may choose channels which require control. Remote work demands that cloud, Skype, laptop versions of popular messengers, corporate email should be monitored and properly protected.