How to organise safe and effective remote work. Real company experience

Clouds mean everything to us

We switched to cloud-based mail, ERP, CRM, telephony and video conferencing immediately after the 2008 crisis because of the diffuse business structure, the high cost of server support, and administration in different countries.

Remote access for the remote employee

We are keenly applying the BYOD policy: company staff use their own PCs and smartphones for work. To deliver desktops and applications to employees’ final (including mobile) devices (implementing VDI technology), all bets are on Citrix and AWS Desktop as Service. We are also testing IGEL thin clients and VDI from Vmware. TeamViewer is employed to solve users’ problems remotely.

Group interaction

Nearly all communication now takes place in e-mail form, but there is an understanding that this is primarily a means of communicating with external partners and recording agreements, since correspondence has legal force. We are encountering some difficulty in moving internal discussions from mail to slack, and all standard documents, workflow and business processes to ERP.

Videoconferencing

In the absence of face-to-face meetings and business trips, video conferencing is the main tool when working with partners.

Confidential communications

Today, it is no longer possible to arrange talks in a meeting room, and businesses do not trust mobile communications when conducting secret negotiations. I don’t presume to evaluate which of the messengers is “listened to” and which is not, but for some reason, Swiss products such as Threema and Wire are the most trusted in the business environment. This, however, does not solve the problems when communicating with all countries. In some places, for example, Skype, WhatsApp, Viber and Telegram do not work, but IMO or WeChat does ☺. We are now pinning our hopes on the Swiss manufacturer Adeya, which offers military-grade cryptography (or you can install your own cryptographic library) and allows you to deploy the system in your own company or in their cloud, which is hosted and protected by Swiss privacy laws.

Monitoring employees’ work

However conscientious your employees may be, it sometimes has to be determined what an employee was doing at a particular moment. If someone needs to keep an eye on the hourly work of employees, not for surveillance purposes, but, for example, in order to bill your customers, there is a vast range of products, e.g. Time Doctor, Hubstaff, Harvest, Toggl, TSheets, etc.

VPN and two-factor authentication form the basis of digital hygiene

When users are outside the secure perimeter and are usually connected via home-based WiFi, the minimum security requirements must be followed. Apart from regularly changing complex passwords, everyone must use a VPN. We use solutions from Barracuda Network and Forcepoint/Stonesoft, as well as free OpenVPN and ProtonVPN.

Home-based employees are more vulnerable to scammers

In 2018, the cybersecurity market was estimated at $248 billion, and it will grow over the next three years by 10–13% annually. Although the anti-fraud sector of the market has been valued at $20 billion, it is growing at 25–30% a year. Another sector of the market — Security Awareness and Training — is growing at an annual rate of 40–50%. This is because the human being is the weakest link in security. Employees need to be constantly trained, and it is best to base the training on their own mistakes. We use CybeReady to teach colleagues how to avoid falling victim to phishing scams. Such solutions are also offered by Cofense (Phishme), Dcoya and Barracuda Network among others.

Lots of security — always

We have a diverse assortment of computers and OS, and we ensure that everyone updates their browsers and OS, and installs patches. Ivanti is used as the Patch Management platform. Rapid7 products are used to manage vulnerabilities, and there are commendable solutions from Tenable and Qualys. We use CyberArk to manage access for privileged users.

What if we have a factory and checkers rather than an office and computers?

In the EU, our company is more focused on the safety of industrial networks and critical infrastructure. One of the must-have options for SCADA security is Data Diode — a device that does not physically allow signals to be transmitted to an industrial network, but only makes it possible to read them “so that they can’t throw a spanner in the works”. We don’t have any production facilities in the company, but WaterFall, the market leader, offers a “free” remote production management option during a crisis, when people are not allowed in, using Remote Screen View.

Crisis plans

This week’s immediate plans include asking all vendors for temporary free or preferential access and promotions to support our customers ☹. Everyone is very understanding.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store