Over the past three months, many companies have had to quickly reorganise their work processes and switch to an online mode of operation in order not to lose their position in the market. In this situation, the issue of how to ensure information security and mitigate the risk of data leakage is of critical importance. Aleksandra Vakhrusheva, Internal Project Manager of the Business-Process Optimisation and Regulation Department of BDO Unicon Outsourcing, comments as follows.
EQUIPMENT
Our team has not been dramatically surprised by the recent sudden changes, as before the mass transition to work from home, the company already had some experience of transferring employees to work remotely. Under normal circumstances, just over 10% of the company's employees work from home on a full-time basis. Nowadays, almost every employee performs their duties from home, coming to the office only when it is absolutely necessary, taking all the safety measures.
During the first non-working week, we managed to switch about 90% of employees to the remote regime, with all the rest being switched in the remaining time.
Prior to such mass transition to online mode, employees received a questionnaire for us to understand whether information security conditions would be ensured in each particular case. We studied the matter down to the last details:
- availability of a personal computer/notebook not in shared use;
- stability of the Internet connection;
- etc.
One should make sure that the employee's home environment and equipment meet the security requirements in advance. If there are any problems with the equipment, colleagues, especially those working with customer data, are given service laptops. Besides, for convenience of employees, system administrators provide additional equipment, such as a second monitor or headset, if necessary.
There were no problems with mobile communications: BDO Unicon Outsourcing replaced landline communications with corporate mobile networks long ago. This allowed us not to buy SIM cards and set up a separate phone line. These changes have not affected the customers in any way, which is a significant advantage.
FOREWARNED IS FOREARMED
The internal policies of BDO ensured information security regardless of the employee’s location long before the quarantine. However, now, the set of rules for working with customer data is twice as strict. Therefore, in view of such a large proportion of employees working online, the first thing you need to take care of is a detailed instruction containing the rules for working away from the office. This should involve:
- regular amendment of passwords;
- blocking of personal computers;
- availability of licensed antivirus software.
The more accurate and appropriately formulated your instructions are, the easier it will be for you to monitor the security of data that hundreds of employees and customers deal with every day. In view of such continuous variation in restrictive controls, you should be ready to explain to people how this will affect their work, in particular, and the company as a whole.
The instructions for working with confidential data should not be underestimated. Transition to the remote mode or working in a new environment is surely stressful for employees. In such a rush, not everyone can implement adequate security controls. Therefore, the best practices should be periodic reminders and instructions about information security requirements.
Though being quite simple at first glance, these rules can prevent the threat of data leakage. Blocking your computer before leaving must become a habit not only when working in the office, but also from home, while downloading files from suspicious Internet resources must be completely excluded.
Besides, we also strongly ask our colleagues not to use corporate networks for personal purposes, such as visiting social networks or suspicious sites in their service browser. The use of external storage devices is also discouraged, so as not to introduce malware or lose all documents.
It is worth noting that access rights are strictly defined and controlled both in normal conditions when working from the office and when working from home. Remote connection is arranged via secure channels, which allows you to access the BDO network in a safe manner from anywhere. Each employee has their own "space" within the company's large information system.
Access to certain work folders and documents is reserved for those who used it before the remote mode. Thus, nothing has changed from the technical point of view and in the light of the company’s internal security policies.
OFFLINE TO ONLINE TRANSITION
Special attention should be paid to office management and document workflow. It is obvious that operations with original documents are almost completely excluded in the current conditions.
In critical situations, when an employee simply needs original documents, we send the papers by courier. It is important to develop an online customer and supplier relation system in advance. Now, we have switched most of our communication with clients to electronic document management using qualified digital signatures, which eliminates the need to exchange original paper documents. This allows you not to violate the basic requirements of information security policies.
The human factor is obviously the greatest information security threat. Therefore, the major efforts should be focused on working with the staff in any way:
- development and/or re-mailing of instructions for working with software;
- notice of the security requirements set out in the company's internal regulatory documents;
- greater control over the employees’ actions;
- suppression of potentially dangerous actions.
By developing a clear and comprehensible system of rules and regulations for remote work, as well as proper coordination of compliance with them, the company can easily avoid information security issues.