If there is anything that COVID-19 has left us with, it is the leapfrog into the world of technology early adopters in our professional working lives. Despite our early adoption for new technologies at Summit Consulting Ltd, we never used virtual meeting applications and tools as intense as we did following the coronavirus pandemic lockdown. Before the pandemic, the major tools in use were Teamviewer, Remote Desktop, and Skype to mention but three.
Suddenly, in February 2020, many things changed. Movements and interactions became limited and restricted. The economy was under lockdown as schools, offices, and businesses were closed as part of the social distancing strategy. If any business was to be conducted, it had to be done remotely. Overnight, companies like Zoom that were hitherto little known, experienced a sudden growth in monthly subscription volumes and their share price spiked on the stock markets. All other major technology companies like Google, Facebook, Microsoft, Cisco to mention but four introduced new tools for remote video conferencing.
Welcome to the new professional working world where remote delivery has become (and will continue to be) a common part of our professional working lives.
Many companies have invested in remote working infrastructure, as well as paid subscriptions for an account on video conferencing platforms like Zoom, Microsoft Teams, GoToMeeting and Cisco Webex Meetings, among many. Other companies have invested in custom collaboration tools that are hosted locally on their internal network while others like ourselves at Summit Consulting Ltd, we use www.mentor.mustaphamugisa.com which is hosted on the Amazon cloud for real-time staff updates and collaboration.
Taken together, remote working is here to stay. Companies like Google and Facebook have reportedly allowed their staff to decide whether they would love to continue working from home or to come back to the offices.
It makes sense.
Remote working calls for a clear remote working policy that provides guidelines and procedures for remote workers. A good policy must provide for the following, among others.
When it comes to remote working and virtual meetings, the main cybersecurity risk is the likelihood of data and service breaches in terms of Confidentiality, Integrity, and Availability.
What is data? Data is information. It is facts, details, and statistics stored in or used to arrive at decisions. Imagine you are transmitting privileged or non-public information; do you want it accessed by unauthorized people. If someone accesses your information, you would have lost the confidentiality of your information.
As a sender, when you transmit information using any medium, and someone intercepts your data and alters in any way during transmission, you will have lost data integrity. Remember when you went to the bank ATM and wanted to withdraw money, only to read the notice that the ATM is off for regular maintenance! That is called a loss of availability.
The remote working policy must provide guidelines over staff responsibility for security. For example, the CEO for Zoom, the current most popular webinar and virtual meeting app, said that the company shall not be able to provide end to end encryption services for free users. As part of the remote working policy, the company may make it clear that no staff shall share company information via free online meeting hosting applications whose channels are not encrypted. Other areas the remote working policy must provide for include the start logging in time and logging out, the daily staff updates of their work plans and attained outcomes each day, and accountability for resources provided and Use or Bring Your Own Device Policy (BYOD) to provide clarity on the ownership of the intellectual property developed since such staff are still on the company payroll.
More considerations that must be made with respect to remote working, webinars, and online meetings are below:
1. Implementation of a Cybersecurity policy
One of our clients had never had her teamwork and deliver remotely. Despite having remote working tools available, when the time for remote work came, management wondered where they could start. They were not as ready as they had initially thought. We advised them that when adopting remote working, the best place to start is a cybersecurity policy that has been read and explained. Most people do not read. For that reason, the policy has to be explained to all the team members. Emphasis should be placed on “why” have a policy and the acceptable behaviours and safe practices remote workers are expected to comply with. As part of best practice, include a place where employees should sign their commitment to comply with the policy.
2. Creating team awareness
Most institutions may have cybersecurity and remote working policies in place but fall short on cybersecurity education and tips.
Staff need education on how to use certain remote working and on-line meeting tools to avoid innocent mistakes that could negate the confidentiality, integrity, and availability of information and services.
A discussion with cybersecurity consultants would effectively enable an organization to craft and implement a seamless and customized cybersecurity policy, train teams on the latest sophistication of attacks, and how to steer clear of them.
We can all do better by taking the necessary steps in training team members’ online security and basic cyber hygiene. Remember, as we always say in the security world, the only patch to human stupidity is on-going awareness and training.
3. Beware of “Bring Your Own Device” (BYOD) risks
Let’s face it, an unexpected leap into remote working and virtual meetings is likely to come along with employees of many entities utilizing their personal computers and phones to facilitate official delivery. Unsurprisingly, this introduces a cocktail of devices, operating systems, platforms, and software with varying security levels, effectively widening the cybersecurity attack surface. If a company is planning to transmit confidential information through personal gadgets, Have a BYO policy and ensure it is followed, .
4. Endpoint Security
How secure are your gadgets and those of your team when they are connected to the internet and working remotely? Have you installed endpoint security by way of antivirus and anti-malware protection? The company must implement minimum security practices to reduce exposure. Restrict staff remote connections to their specific internet protocol addresses, make it difficult for someone at home to copy documents from the company computer by disabling all the USB ports, and enforce more login access to avoid children at home mistakenly sending confidential data.
Most organizations are not considering cybersecurity risks as they adopt the new remote working and virtual meetings. Instead, they’re waiting to react to cyber breaches – and many times, it would be too late.
Now is the time to change this narrative.
Turn all team members into cyber defence pillars. Contact cybersecurity specialists to help shape your own and your team’s online behaviours to safeguard your organizations’ assets, information, and reputation.
The higher the cyber savviness of each team member within your organization, the stronger the savviness of the organization as a whole.
Copyright Mustapha B Mugisa, 2020. All rights reserved.