The transfer of employees to remote work under COVID-19 quarantine is a serious challenge for the company's security service. The entire protection policy of the organization requires a serious transformation aimed at changing the technical means and methodologies for monitoring and protecting remote workplaces of employees. An important component is working with clients and partners in order to maintain their level of trust in the company.
Prevent risks
Working remotely, employees have the ability to inadvertently provide access to valuable company information.
In order to prevent these risks: computerquestions
A working group of security specialists is being formed to ensure that the terms of reference for the content of confidential information are checked with the authority to make the necessary corrections before the head of the department receives them for distribution among the employees of his department.
Additions to contracts or separate agreements on non-disclosure of confidential information (NDA) are concluded, which clearly spell out all the risks and penalties from employees applicable in case of violation of the contract.
Special technical means are used to monitor the working equipment in order to track the actions of employees (copying information to external media, transferring information to interested parties, non-compliance with safety rules and other cases). Programs for "photography" of the working day can also be useful here.
At home, employees are often careless and become a source of information leakage. Therefore, it is important to instruct them on safety when working remotely. Upon completion of the briefing, the employee must sign a document stating that he has passed the briefing. It is necessary to inform the staff about violations of the instructions that are revealed in the process of monitoring the workplace, and take action against violators.
Issue legislatively
One of the important issues when transferring employees to remote work is the legal registration of personnel responsibility.
Unfortunately, the standard employment contract is made up of very generalized wording (regarding the nondisclosure of confidential information) and is not suitable for situations of mass transfer of employees to remote work. Therefore, it is necessary to conclude a separate NDA with the staff.
Before entering into an NDA, an outreach should be undertaken on the subject of teleworking security and its role in this NDA. When drawing up the contract, all the risks that the company may face when disclosing confidential information by an employee are prescribed. It also describes the penalties for non-compliance with the terms of the contract. The consequences for non-compliance with the conditions should be clearly stated in the contract.
Using VPNs
If an organization does not use a corporate VPN network, then when transferring employees to remote work, this measure is absolutely necessary, since it immediately delineates responsibility and distributes risks. Using a VPN, a company can choose the resources to which an employee has access and can constantly monitor staff activity.
Maintain customer confidence
It is equally important to convey information to clients that by sending employees to work remotely, you are able to ensure the confidentiality of the information they share with the organization. Thanks to the implementation of such measures:
informing employees about safety rules;
NDA registration;
filtering jobs through a dedicated security team;
work in VPN;
monitoring through programs for tracking remote workplaces (check-ins in Slack about the arrival and departure from work and other measures).
It is worth noting that clients in most cases have their own security service, and those tasks that you get to work go through their information control system. Therefore, the question of how to find a balance between adequacy and safety in the conditions of transferring employees to remote work is completely up to the companies.
Even if you are faced with a claim that your company is responsible for leaking customer information, there is no need to panic. Conduct an internal investigation, collect the necessary documentation. Such cases in courts drag on for more than one year. In 90% of cases, legal entities are not suing, but a company and an employee.
Select measures
There is a real opportunity to prevent the risks associated with leakage or disclosure of confidential information when transferring employees to remote work. It is important to understand here that in this situation, a revision of the security policy towards tightening is not an extreme, but a necessary measure.
At the same time, a balance should be found between the interests of employees, the company and the customers in order to maintain the performance and demand for the product at the proper level.
You can:
explore the possibilities of transferring employees to remote work;
choose from the above methods those that are suitable for your business;
test them for a certain time on a small group of staff;
analyze the result;
integrate into your business.
No comments:
Post a Comment