Let us analyze the problems companies face when transferring all work activities to remote formats, which communication channels cause the greatest risk of data leakage, and how business processes are based on the new reality. I also want to talk about the mistakes the company made during this period and how the organization and technical methods of controlling remote workers have changed.

This year, many companies have experienced forced self-isolation and sudden transition to remote working mode. They quickly rebuilt their business by increasing online sales and services, while striving to maintain efficiency while protecting themselves from new threats and risks.

Let’s see how DLP [Data Loss Prevention] vendors and their customers are adopting data loss prevention practices and remote employee monitoring in a new environment. Let us also take a look at how the DLP system is adjusted from a technical and organizational point of view, and what problems have been solved.

Data loss prevention issues at the beginning of the transition period.

The main problem that emerged at the beginning of the pandemic was that a large number of companies were unwilling to switch to online/remote operation mode completely. Before the pandemic (depending on the industry), many companies had only a few employees working remotely, and the process of interacting with them was actually built into the manual mode. When a large proportion of people turn to telecommuting, many organizations actually lose control of employee activities.

Controlling communication channels

Security personnel must reconfigure their DLP systems to track new communication channels that employees can suddenly access when they switch to remote work mode, and access to these channels is severely restricted when working outdoors.

Outside of the organization, employees are actively using their corporate cloud storage, but using things like Google Drive and Dropbox to exchange data, including sensitive information. When the IT department was busy establishing secure remote access to company resources, employees started to transfer data on public file sharing resources through personal accounts in order not to waste time.

In the event of malicious adware redirection and hacker intrusion into free cloud storage systems (these systems are not perfectly protected by default), the commendable enthusiasm of employees for work can lead to serious accidents. Not many staff are willing to delve into security settings and enable features such as two-factor authentication.

In addition, employees began to copy company documents and data to removable media more frequently. If the DLP system does not prevent this, if the organization does not provide all employees with work laptops, then the mission of preventing data leakage will be difficult to achieve.

 IT and information security departments have to urgently consider a system to monitor email traffic and terminal servers. When it comes to monitoring corporate e-mail, companies are forced to adopt technologies that allow them to monitor mail servers without using workstation agents. As for terminal servers, most companies use them to organize employees’ secure remote access to internal resources.

Changing business processes

With the shift to remote working models, business processes that are already functioning well and “clean” have changed. First, the amount of data sent and stored on workstations by the company’s DLP system has increased dramatically. When working in the office, employees can walk directly in front of their colleagues and show their work or give presentations on the screen without using other media. In remote mode, any interaction with colleagues starts to be accompanied by sending various files.

During online meetings (Zoom, Skype), the screen sharing mode is actively used. Some sensitive data may enter the shared screen, allowing any participant to take screenshots or photos at any time. Subsequently, not all companies were able to provide their employees with work laptops.

Many workers have to use personal equipment to complete their work. This significantly increases the risk of data loss because personal devices lack corporate or even antivirus protection. Employers rarely have the right to require employees to install them.
Personal laptops can be used by more than one family member, which greatly exacerbates the problem of illegal access to confidential company data that has begun to accumulate on these devices.

Organizational measures of protection

From an organizational point of view, in order to prevent data leakage, the information security department has to review employee access rights to corporate information systems. In addition, security personnel must strengthen their activities to prevent accidental disclosure of information by staff. Employees were given additional training to inform them which resources and services should not be used when working remotely, which programs are considered insecure, how phishing can lead to data loss, and even resolve dangerous issues related to connecting to public Wi-Fi. Fi network.
Some information security managers have created internal hacking and phishing bulletins to exchange information.

Remote work monitoring

Another serious problem during the pandemic is the efficiency of controlling remote employees. Generally speaking, in an office, managers will see when their employees come and go, who work hard, and who are often distracted.

When working remotely, it is much more difficult to understand whether employees have enough working hours and their working hours. It is important to understand the dynamics of workload: whether employees are beginning to reduce their workload, or on the contrary, the workload has increased, and what are the reasons.

By analyzing the traffic from DLP, work activities can be monitored. Some people think that telecommuting is an opportunity to relax. The DLP system can identify employees and even departments, and its load has increased significantly. It can be said that at the beginning of the transition to the remote working model, IT department employees bravely supported all business processes. During this period, in many companies, the number of requests for remote access to company resources has grown like an avalanche.

In several companies, the DLP system records how employees report full-load work, while actually completing work tasks within a few hours, and then processing their personal affairs. Generally speaking, it is much easier for companies that already use DLP systems to switch to remote working mode.

They can quickly adapt to remote information protection, which is even more difficult for those who have to solve the problem from scratch. The quarantine period puts the organization’s confidential information at risk and affects the productivity of employees who are not properly controlled. As a result, during the self-isolation period, the number of incidents involving accidental disclosure of confidential information and deliberate disclosure of data has increased significantly.

Control work or monitor employees?

Currently, the DLP market is flooded with modules that control the work of remote employees. The product range is wide: from tools that allow full control of remote employees to solutions that only track specific performance indicators to help evaluate current and dynamic work efficiency.

At the same time, employers should not forget the difference between office work and remote work. The rich features in DLP are not always useful.

Consider a situation where a new employee finds a job in the office. The employment contract clearly stipulates the terms of telecommuting, which includes controlling the operations of all employees on the work laptop. On the other hand, it is said that it is forbidden to mute the microphone and hide the image from the webcam of the laptop. The contract stipulates the working hours that employees must spend in front of the computer, which must be supported by corresponding video recordings.

This control seems excessive; surveillance should not become surveillance. Most importantly, this method does not give the employer the answer to the most important question: “What is the real efficiency of employees and the company as a whole?” Employers need to know whether remote employees have worked the required hours during the day with colleagues Whether there is a gap in communication between employees, the time the employee spends on the job application, whether he is distracted and to what extent the task is labor-free .

It is important to know whether the work task is being performed, whether the execution time is in line with expectations, how the performance dynamics of personnel compared with the previous period (days, weeks), and whether they are in line with expectations. It is necessary to change the business process accordingly.

Mistakes When Switching to Remote Work Mode

The company made many mistakes when organizing secure remote access through VPN. In many cases, in the process of emergency transition to remote work mode, the IT department provides everyone with access to company resources or adjusts some things, so that most employees cannot access it. The first case reduces the effectiveness of protection, and the second case slows down the company’s work.
In addition, some organizations try to control the working hours of remote employees through some temporary means and methods, for example, by recording the fact and time of employees remotely connecting to company resources. Unfortunately, this method does not allow us to understand what the employee is doing after connecting to the network and which applications he has launched.

Capabilities of DLP systems in “combat” mode

In general, DLP systems provide a wide range of capabilities for protecting confidential information from leaks while in the remote work mode. DLPs can identify the activity and behavior of users by monitoring:

Traffic collected from different communication channels (email, instant messengers, etc.)
Data from the keyboards
Data being copied to external drives
Mouse clicks and movement
Web surfing activities
The time of shutting down the user’s laptop
The audio stream from the microphone
The video stream from the webcam
The most advanced systems complement this set of functions with advanced filtering, analytics, search, and reporting tools. All this helps the information security specialist to obtain a specific set of data on the actions of each employee working remotely.

DLP systems appeared on the basis of technologies for analyzing email activities. Later, their functionality was supplemented by protection against data leaks and analytics. Related technologies, such as time management tools, have been included in these solutions relatively recently. To choose the best solution, each company needs to understand what tasks in terms of protection against data leaks and control of remote employees must be solved.