Vasyl Soloshchuk
CEO at INSART
16 April 2020

Remote Team Security: How to Minimize the Influence of Risks

Economic experts say the best way we can alleviate the impact of the coronavirus outbreak and the subsequent unemployment rise caused by the quarantine is to keep businesses and money running. The whole economic system now depends on our ability to adapt fast and optimize processes, reduce ineffectiveness, and find new, more economically beneficial ways to run businesses.

Companies typically prefer to examine new situations for months before making big moves. They suspend innovation sponsorship and try to stick to the core business, focusing on existing clients. Thus, many of them retire their remote research and development centers that work on new offerings and innovation.

Meanwhile, all in-house workers are switching to remote work, which exposes companies to both security risks and business contingency issues. New challenges thus arise for Fintechs:

  The increased traffic, especially mobile

  The need for secure remote access for workers

  The costs should be kept as small as possible; expensive solutions for security aren’t helpful

How to approach new security challenges

There is one kind of company that has much experience in providing secure and predictable development processed in remote work: offshore engineering companies. The processes they have already established allow them to stay productive and beat competitors, whatever the situation is. They can help with reducing costs while keeping productivity levels the same because usually they cost 60 percent of an equivalent in-house team. The only question you may have before making a decision to outsource is how can we ensure a company is reliable?

The contract has to be not only legally solid and well-structured from a procurement point of view, but the governance function also has to be about more than job descriptions and organizational structures. If obligations and controls are not turned into assigned actions, they will not be done, and if the contract doesn’t have a set of balanced levers to pull, it will not be possible to effectively control and steer the engagement.

Below we provide a list of the must-have sections for your contract, whether it is for remote or in-house teams.

1.   Security policy is a must

Important sections to cover:

  •     What does security mean at your company? What is the object of the defense?
  •     What is your organizational structure and how is it protected by law?
  •     What types of data does your company defend? Who and under what conditions can access these?
  •     What should employees do to keep the data secure at their workstations?
  •     What software tools are aligned with your company’s data protection policies?
  •     What criteria and subcontracting rules should a third-party provider meet to be able to provide service to your company?

We don’t doubt that your company is secure, but we wonder if there is a unified vision about what security means across your company. A clear security policy can eliminate all the misinterpretations.

2.   Protection from business risks

Important sections to cover:

  •     Indemnity clause
  •     Cybersecurity insurance

An indemnity contract is signed for protection against a loss or other financial burden. This type of contract operates as a transfer of risks between the parties and changes what they would otherwise be liable for or entitled to under a normal damage claim. The trigger event can be anything defined by the parties, including a breach of contract, a party’s fault or negligence, or a specific action. So having this contract signed between you and your workers protects your business and liabilities under the law.

Cybersecurity insurance is a product that is offered to individuals and businesses to protect them from the effects and consequences of online attacks. This document protects your product and your users from third-party intrusions.

3.   Business contingency strategy

Insurance can cover many risks associated with data theft, business interruption issues, negligence, and others. But when the trigger event happens, it’s not enough just to accept a check from an insurance company. To stabilize the situation, you must take action, and it’s vital to have a mitigation plan to deal with the aftermath of a trigger event.

Tip: First of all, you’re to identify all the risks that require defined elimination actions. Define a priority for each risk—use a Risk Impact/Probability Chart for that. Then, analyze the highest-priority risks and create an action plan.