Second Year with Working Remotely: ICL Services' Experience in Coping with Information Security

Kazan, Russia -- (ReleaseWire) -- 10/20/2021 -- One of the most important factors in ensuring corporate information security is the level of digital literacy among the staff. The importance of this factor became especially salient in 2020. As the Covid pandemic spread, most companies had to transition to remote working within a very short timeframe, and today some employees have been working remotely or in a hybrid mode for two years. Because of this, a number of information security attacks shifted their focus towards such staff members. And while ordinary mistakes and negligence had often led to information security breaches in the past, there is a lot more at stake now, so proactive steps are called for. Consequently, improving the information security literacy of staff is fast becoming a priority for ensuring data security. Furthermore, staff who are well-versed in information security are bound to be more likely to identify risks and incidents and to optimise processes both within the company and on the customer's end, which, in turn, will help pre-empt information security threats.

ICL Services has customers both in Russia and abroad and we pay a great deal of attention to boosting digital hygiene among our staff. Since March 2020, more than 80% of our staff have been working remotely or in a hybrid format, so it is especially important that they should know and understand general and specific requirements for the processing, storage and transmission of information as well as the specific information security requirements of some of our customers and partners. Immediately after being hired, all new employees are introduced to the corporate requirements for information security. All new hires who choose to work remotely, as well as existing staff members who decide to start working remotely, undergo an information security risks assessment during which their remote workstation is analysed for information security risks and an action plan is developed for what the employee should do in unforeseen circumstances.

All ICL Services staff, regardless of their position, experience or the format in which they work, must abide by the following rules:

1) notify the company of any phishing messages or information security incidents as quickly as possible;

2) ensure information security in accordance with applicable laws and regulations;

3) get access to confidential information and corporate equipment strictly on a need-to-know/need-to-use basis;

5) notify customers of any business continuity incidents in a timely manner;

6) irrevocably destroy any confidential documents if such documents need to be disposed of;

7) refrain from repairing corporate equipment on their own;

8) immediately contact the appropriate services in the event of the theft/loss of hardware that contains confidential information;

9) follow an empty desk/empty screen policy in order to prevent any leak of information stored on desktops or on physical media sitting on open surfaces in the office or elsewhere.

ICL Services has introduced a policy of holding corporate events during which it is explained to every team member that it is vital and necessary to abide by the information security requirements designed to ensure the confidentiality, integrity and accessibility of data. Such information security seminars look at specific information security incidents that happened at the company or highly publicised information security breaches that happened somewhere else (for example the script for Star Wars Episode 9 that was put up for sale on eBay or the conflict between Rambler and the developer of Nginx).

Security induction is a corporate information security procedure that all new hires must complete as part of their probationary period. As part of the security induction, new hires independently identify the link between specific cases and information security rules and then go on to offer their own solutions. This allows them to understand the requirements of the company's information security policies in practice and see how they apply to their own duties. During the security induction, a new hire answers questions such as what the correct way to destroy confidential information is, why it is important to transmit information over secure channels, and how information about partners can damage stakeholders if it gets disclosed to third parties or others, which allows them to identify the relevant cause-and-effect relationships on their own. At the end of the security induction, all the participants are sent an email with links to corporate resources with useful information and a request for feedback to help update the contents of the procedure and improve its effectiveness in the future.

After the company transitioned to remote work en masse, some changes were made to the security induction procedure. First, a section has been added on why it is vital that information security rules be followed while working remotely, which emphasises that corporate information security is the responsibility of all the staff with no exceptions. Second, the format in which the security induction is conducted has changed. While in the past, the number of participants was limited by the capacity of the conference room where the induction was held, it is now held as an online seminar with far more participants connecting to it in the ways that are most convenient for them (from a PC, a smartphone etc.). The online training features interactive sessions with staff such as surveys, discussions, stories told by the participants and others. In order to increase the engagement of the online participants, the content used for security induction has been revised: the presentation now features memes and short videos, which work very well in the context of the mostly visual presentation delivered as a sequence of slides.

New hires also complete information security courses, learn about the rules of using passes to access company premises, complete a test of their knowledge of the passwords policy and media interaction policy, as well as the policy for handling confidential information, the non-disclosure agreement and various workarounds.

Having completed all the stages of the security induction by the end of their probationary period, the new hire is able to join the company's business processes as a full-fledged team member and identify potential information security incidents in both work-related and day-to-day activities. Meanwhile, our customers can rest assured that their data are handled by staff who are well-versed in information security.

About ICL Services
ICL Services is among the top 10 largest IT service companies in Russia and the top 100 best IT outsourcing companies in the world; it is an important part of the ICL group of companies and a key business partner of Fujitsu. The company's core competence is smart people who work in streamlined processes on hundreds of projects. The service catalog contains over 60 services.

Media Relations Contact

Katerina Vyrina
PR Manager
ICL Services
88003339870
https://icl-services.com/

View this press release online at: http://rwire.com/1347815