En
En
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
Data protection and classification
Access rights audit
User activity audit, investigation
Compliance
Use case: access control and change management
Use case: user behavior and insider detection
Use case: eDiscovery
Use case: file cleanup
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact us
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact Us
Book a return call
HomeBlogAs businesses keep staying remote. Use cases
BACK TO BLOG LIST
As businesses keep staying remote. Use cases
18.05.2020

As we have previously suggested that you try such monitoring solutions as:

  • SIEM systems for ensuring the security of corporate IT infrastructure (hardware, software, user account activity)
  • DAM (database activity monitoring) solutions for data control in DBMS and business applications (control of user requests to a database, changes, deletions, downloading, unauthorised access attempts)
  • DCAP (data centric audit and protection) solutions for file storages monitoring (which files are confidential, where they are stored, who has access to them and what does to them)
  • DLP (data loss prevention) systems for monitoring of data transfer channels and user PC activity (accidental and intentional data leaks, corporate fraud attempts)

we would like to demonstrate how they work providing real life use cases shared with us by our clients.

We have collected the stories of SearchInform clients that demonstrate how information security tools help control the productivity and legitimacy of remote employee activity.

Case: Performance degradation

What happened?

A senior manager complained to the superiors that it was impossible to complete all the tasks as promptly as it was required, and an assistant was needed. After an assistant was hired the results remained the same.

Investigation

The DLP system showed that since the company moved the employee to remote the efficiency has fallen, up to 4 out of 8 working hours were spent unproductively – the worker played online games and watched shows. When an assistant was hired, the employee delegated all the work, and the number of unproductive hours increased up to 6. The assistant was constantly busy in task-oriented programs: CRM, product base, office software, and processed more applications a day than needed. The management took measures: the employee was fired, the assistant officially took the senior manager’s place.

PLEASE NOTE: in modern DLP systems, security monitoring is combined with user activity control. Special modules of the system monitor the time when employees start and finish work, detect being late, turning off a laptop before the workday ends or working extra hours, count productive hours at work, and the time when an employee was passive or busy with personal issues. Systems analyse the efficacy and productivity of employees and report obvious discipline violations. A comprehensive DLP allows you to get information on your team’s progress using screenshots or viewing their screens online only when necessary in case security policy violation is detected automatically: you can see what exactly users are doing on a corporate laptop if you have doubts.

Case: Data leakage

What happened?

The DLP system identified a user who was spending a few hours on a suspicious website.

Investigation

Thanks to the screenshots made by the specialists responsible for risk mitigation, it was easy to see what an employee was looking for. He was working from home on his private laptop and visited the website where orders for personal data were posted. The worker took one of such orders and continued to discuss the details with the customer via Skype. The DLP solution discovered that the employee explained to the customer that there would be no problems as he was working at home and there was no video surveillance. The next warning came from the DAM software – it alerted the security specialists to the export of corporate data from a database. The incident was prevented as the company connected to the employee’s laptop remotely and deleted the file with sensitive information. Access rights management controls helped to promptly deny access.

PLEASE NOTE: DLP systems collect information about user activity on websites or with software and classify the topics of these resources. You can select unwanted ones from them and configure alerts for each case when employees attempt to visit them. It is also useful to set a rule so that the system discovers users who access unwanted software and websites. This will help you track suspicious activity and provide additional evidence if corporate violations are detected.

Case: IT infrastructure failure

What happened?

SIEM alerted to an antivirus failure on the corporate file server.

Investigation

It was revealed that the antivirus couldn’t deal with the malware located in one of the PDF files in the network folder. To understand how it appeared to be there, specialists tracked down the content route using the DLP system. It turned out that the file was downloaded by the manager of one of the offices, who worked from home on a personal unprotected laptop. She explained that she received an email from authorities with new instructions on the sanitation of retail premises. The employee placed the attached file in a folder accessible to other workers. Another user opened the document and accidentally provoked a viral infection.

The problem was eliminated, the damaged documents in the corporate storage were restored using shadow copies in the DCAP solution.

PAY ATTENTION

Not only data protection solutions, but also employee training or preparatory conversation with your team save from accidental information security errors. Explain corporate security rules to them or even conduct lessons: tell them about the importance of using antiviruses, ask them to remember the official email addresses of regulators, executives, key partners and clients, and prohibit downloading email attachments created by suspicious mailers.

BACK TO BLOG LIST
Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.
Products and Services
FileAuditor
DLP
Risk Monitor
ProfileCenter
SIEM
MSSP
Cloud Deployment
Company
Contact
About Our Company
Company Portfolio
Our Clients
Press About Us
Press Kit
Resources
White Papers
Third-party integration
Research
Practices and use cases
Videos
News
Company News
Product News
Events
Blog
Challenges
Compliance
Data Loss Prevention
Investigation
Data at Rest Discovery
Data Encryption
Data Visibility
Data Classification and Protection
Data at Rest Discovery
Time Tracking and Employee
Monitoring
Corporate Fraud Mitigation
Roles
C-level executive
Risk manager
Internal audit officer
Compliance manager
Information security analyst
Chief Human Resources Officer
Industries
Business Services
Education
Financial Services
Government
Insurance
Manufacturing
Healthcare
Retail
Energy
Hospitality
Construction
Partners
Become a partner
Partner login
SearchInform products are recognized by
Gartner The Radicati Group
Follow us:
© 2024 SearchInform LTD All rights reserved.
Terms of Use
Licence
Privacy&Cookies