We’ve invited leading offshore technology solutions provider, Ready Offshore, to share some great insights into IT security and the risks that come with selling passwords.
According to a recent survey published by Fortune Online, 20% of employees say they would sell their work passwords for less than $1,000, some for less than $100. It’s a scary thought for firms who host their applications in the cloud, particularly when you’re about to build a new team offshore.
It’s a busy and exciting transition when firms start to offshore their services. Often what isn’t top of mind are factors like privacy of information and cyber-security – although it’s the first thing your clients and stakeholders will question. Many assume the BPO will take care of this. However, a BPO’s responsibilities don’t extend to IT security consulting.
It should be noted at this points that these risks are broader than just ‘offshore’. Weaknesses in your IT security could leave you wide open to fraudulent, malicious or accidental misuse by your staff both onshore and offshore.
Being able to answer privacy and security concerns confidently and with substance should be part of your offshore plan. If you can’t, you are not only providing ammunition for your offshore ‘detractors’, you are putting your personal reputation and business at risk. If you have any doubts, now is a good time to ask yourself the following questions:
- What tools do you have in place to stop staff from logging into your cloud-based applications from authorised computers at home or third parties?
- Can you terminate access quickly (with one password change) in the event that someone leaves?
- Are you able to monitor usage by application? (Eg, Team Member X logged into application Y on this time and date)
- Do you distribute multiple sets of credentials to various systems or applications? How do you manage this?
- Have you taken any due diligence measures regarding offshore staff having access to client information?
- Would your reputation be damaged in the event that your company or client information entered the public domain?
We work with hundreds of Australian, UK and US companies setting up in the Philippines and these are the first questions we ask. Fortunately, there are a number of easy steps you can put in place to lock down your private information. Best of all they are relatively low cost to implement while delivering a truckload of value and piece of mind.
Single sign on
If you have multiple logins for each application and staff member – that is a lot to manage and difficult to remove access quickly if you need to eg. In the event of a termination. By introducing a ‘single sign-on’ to access all of yours and your client’s systems, it not only makes logging in quicker and easier to remember, it also allows management to remove a staff member’s access in an instant.
Access location control
Unauthorised computers may host damaging viruses. Also, while we don’t like to think about it, selling or sharing password access is possible. Hopefully unlikely, but possible. We recommend locking down access to your systems from your BPO only or to employees who have been authorised to work from home.
If something goes wrong, it’s good to have an audit trail to fall back on. We recommend a granular logging of access which you can retrieve in the event of suspicious activity.
It’s a good idea to implement a password policy whereby passwords need to be complex and changed regularly. You want to avoid the situation where the staff member has used their dog’s name as their Facebook password, as well as their Linkedin, mail, Flickr etc. Gain the credentials for one program and you have them for all. A good password policy reduces your exposure to hacking and other cyber crimes.
By distributing controlled access to your systems, you are allowing staff to use applications without having to make them privy to your system passwords. It’s another step to limit any untoward activity.
A few proactive steps go a long way when you’re about to launch a global team. Knowing you are protecting your firm’s best interests and keeping your reputation intact are important considerations. If you have any questions, ask an IT privacy and security expert.
SOURCE: Last updated 16 May 2016. & Fortune online ‘One in Five Employees Would Sell Their Work Passwords.’ 30 March 2016.