Are rushed remote working solutions compromising enterprise security and compliance?


Analysis

April 7, 2020

Since the outbreak of the coronavirus COVID-19 and the introduction of restrictions around the world, the use of communication and collaboration platforms has expanded dramatically, as enterprises enable their staff to work remotely. The video conferencing application Zoom has reportedly added more users in the first 3 months of 2020 (2.22 million) than it did in the entirety of 2019 (1.99 million). Microsoft announced soon after that there are now 44 million daily active users on the Teams platform, which included a staggering 12 million increase at the end of March 2020.

The speed at which restrictions were imposed caught many by surprise, and even businesses that already had well-defined remote working policies and business continuity plans in place were tested. In the case of many organizations, however, home working was reserved for a small percentage of the workforce at best, so the task has been immense and hasty decisions have had to be made around enabling technologies. In fact, in a recent survey, Pure IP found only 30% of respondents cited security as their top concern during the height of the drive to enable remote working.

The increase in use of digital collaboration applications brings with it increased security threats as opportunistic scammers, hackers and cyber criminals look to take advantage of the situation. Although it is still too early for true statistical analysis, some sources are already reporting a spike in cyber security threats.

So how secure are your communications?

As we move beyond the initial stages of mobilizing vast swathes of people for remote working, it is time to revisit some of those initial decisions and ensure the correct security measures and protocols are applied. Here are a few suggestions:

Review the use of non-enterprise approved applications

Fighting shadow IT has been a common battle for businesses, and is likely to have been accentuated in the current climate with communications applications such as WhatsApp, Google Hangouts, and Zoom readily available and free to anyone. This brings with it potential for greater risk of data breaches. If you haven’t already, lock down your users’ ability to download and use non-approved applications on the network. Identify where this might have already happened and move those users onto your approved platforms or applications.

Check how your communication services work

Do your communication services authenticate by IP address, or do they use a username and password check? The former provides a more secure approach, ensuring that any call request is made from a known location. Services that authenticate by IP address are therefore less likely to be hacked.

How open are the applications you are using?

This is often the difference between enterprise grade applications and those created for the wider consumer market. For example, despite the current popularity of Zoom, a number of questions around the platform’s security have been raised after reports of ‘ZoomBombing’ and private recordings being left accessible online.

Some applications are deliberately open to enable users to easily integrate with their different contacts across devices and channels. Others have default settings that make it easy for hackers to invade meetings or systems. The outcome of either is a potential security threat that enterprises need to guard against.

On the other hand, applications such as Microsoft Teams were created specifically for enterprise communications, and have robust built-in security measures that make them more suitable for corporate use.

Are you still compliant?

Highly regulated industries and some countries have stringent compliance measures to adhere to. Revisit the measures that have been implemented to enable home working to ensure you are still compliant. Are you still recording activity that needs to be tracked for compliance purposes? Is any data that is being shared still secure?

Monitor trends and traffic

Calls and communications are vulnerable at every stage of their journey and if they are not properly secured or encrypted, seasoned hackers can infiltrate your system. Once inside, they can make calls to high-cost toll numbers and destinations.

Even with a secure service, be vigilant in monitoring trends. Set thresholds for certain calls and investigate suspicious calls and those to expensive destinations. Hackers will normally try to make calls concurrently and in bursts, so it is vital that your organization monitors and sets alerts.
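The thresholds described above, as an added example (not code from Pure IP): a check over call detail records that flags accounts for concurrent calls, bursts of calls, and calls to expensive destinations. The record layout, threshold values, account names and the `+0001`/`+0002` prefixes are assumptions made for the illustration.

```python
from collections import defaultdict

# Assumed thresholds and placeholder prefixes; tune to your own baseline.
HIGH_COST_PREFIXES = ("+0001", "+0002")  # hypothetical, not real dialling codes
MAX_CONCURRENT = 3   # simultaneous calls tolerated per account
BURST_CALLS = 5      # calls started within BURST_WINDOW seconds
BURST_WINDOW = 60
MAX_HIGH_COST = 2    # high-cost calls tolerated per account in the batch

def peak_concurrency(calls):
    """Sweep over start/end events and return the highest overlap."""
    events = sorted([(s, 1) for s, d, _ in calls] + [(s + d, -1) for s, d, _ in calls])
    peak = current = 0
    for _t, delta in events:  # at equal times, ends (-1) sort before starts (+1)
        current += delta
        peak = max(peak, current)
    return peak

def max_burst(calls, window=BURST_WINDOW):
    """Largest number of calls started inside any sliding time window."""
    starts = sorted(start for start, _, _ in calls)
    best = left = 0
    for right, t in enumerate(starts):
        while t - starts[left] >= window:
            left += 1
        best = max(best, right - left + 1)
    return best

def find_alerts(cdrs):
    """Return {account: [reasons]} for accounts that cross a threshold."""
    by_account = defaultdict(list)
    for account, start, duration, dest in cdrs:
        by_account[account].append((start, duration, dest))
    alerts = {}
    for account, calls in by_account.items():
        high_cost = sum(dest.startswith(HIGH_COST_PREFIXES) for _, _, dest in calls)
        checks = [("concurrency", peak_concurrency(calls) > MAX_CONCURRENT),
                  ("burst", max_burst(calls) >= BURST_CALLS),
                  ("high_cost", high_cost > MAX_HIGH_COST)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            alerts[account] = reasons
    return alerts

# Constructed sample records: (account, start_s, duration_s, destination)
SAMPLE_CDRS = [("alice", 0, 300, "+15550100"), ("alice", 4000, 120, "+15550101")] + [
    ("pbx-7", 1000 + 5 * i, 600, "+0001555%04d" % i) for i in range(6)
]
```

Running `find_alerts(SAMPLE_CDRS)` flags only the constructed `pbx-7` account, which trips all three checks, while the ordinary `alice` traffic passes.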

Data security

Knowing where your data is and how it is being handled is a core aspect of data security for any enterprise and is something that is at the heart of regional compliance directives and regulatory legislation. If you are using cloud-based solutions or applications, make the necessary contractual checks to ensure you know where your data will be held. If it will be shared during any form of collaboration, find out how it will be treated and who will have access to it. Does the contract manage data moving out of region? Are there any security risks or threats to your ability to adhere to compliance (e.g. GDPR)? Is the data moving via regions or countries that you don’t want it to pass through? Ultimately the enterprise is responsible for its own data security, including when that data is exposed to the outside world via conferencing or similar collaborations.

At Pure IP we take security and compliance seriously, both for protecting our customers and for the many regulatory agreements we have around the world. Our services are all encrypted and use multiple levels of authentication. We also own all the equipment in our global voice network, reducing the security risks of using shared infrastructure. We monitor trends and suspicious behavior 24/7 and, thanks to our technically led service team, are able to work with customers to identify any potential threats to their telephony service.

If you would like to find out more about our secure services, please get in touch.


Alessandra
