Recent unthinkable geopolitical events in the heart of Europe have proved once again that security – physical security, computer security, or any other kind of privacy and safety – has a high priority.
Global Mediator considers IT security policies and processes an important pillar of any modern organisation. Thus, the company takes every required step to secure both internal and external data-related processes. In this blog post, we would like to focus on some of our corporate procedures and tools that guard the security and integrity of the systems we work on.
“As an organisation, we are clearly ahead of the security curve for an organisation of our size, but in a world increasingly reliant on technologies and information, we do not feel that the safety and security of an organisation’s data assets can be overstated.” – Nicolai Krarup, COO at Global Mediator
Documentation and training
Unfortunately, even now many IT-related organisations do not pay enough attention to well-organised, structured documentation of IT security. At Global Mediator, we take potential threats and vulnerabilities seriously. Therefore, we keep internal IT security processes documented as guides and policies available for internal use via the corporate portal. The guide explicitly and thoroughly states, among other things, the rules on the security of personnel and company devices, data protection, IT security maintenance, and access control. The rules and policies are binding and form an integral part of the onboarding process. Internal training on IT and cyber security is a common practice at Global Mediator. Whenever any rules or policies change, the changes are clearly communicated and implemented by the teams.
Access control and other security policies
Among other things, Global Mediator addresses the following internal IT security aspects that contribute to data protection at the company level.
- IT security rules and scope policies are set and controlled by the organisation (e.g., lock screen timeout or full volume encryption ensured by BitLocker).
- User access at Global Mediator is managed through Active Directory. Depending on the user levels (ranging from IT security manager to team member level or guest level) and roles (global administrator to a general user), the access rights determine to what extent certain resources, applications, or services are available to the users.
- The company’s policies deal directly with password management. The passwords to the corporate laptops, services, and resources, as well as personal passwords (optionally), are securely stored in the respective vaults of the Password Keeper manager – a tool chosen and approved by the IT security management of the company. Our customers may rest assured that no passwords used by our specialists on the customers’ site are ever written down and kept on a piece of paper that might easily be lost, destroyed, or stolen. As an additional layer of data security, Global Mediator uses two-factor authentication (2FA), which Microsoft, with good reason, promotes.
“One of the most common mistakes people and organisations make is missing a Password Manager Policy. Users create a single password for all corporate resources and applications and in most cases, the same password will be used in the client environment. Lack of policy from the organisation means that the user will not change this password for a long time or even use it forever. The user and the organisation may not be aware that the password has been compromised and that cybercriminals already have access to some resources.” – Oleh Lutskyi, IT Security Manager at Global Mediator
- To leave less room for cyberattacks and data breaches, potentially caused by software security flaws, Global Mediator’s IT security management controls regular software and security updates.
- Instead of the usual password-protected Wi-Fi network infrastructure, the company relies on secure, flexible Wi-Fi Enterprise authorisation, which ensures that only staff members and only trusted devices have access to the company network.
- Strict remote working policies – remote users’ access is only allowed through a VPN. Direct access to virtual servers and corporate applications of Global Mediator is only available from the office network.
Secured area of a Microsoft hub
Global Mediator has been a part of the worldwide Dynamics community for a decade now. The company is 98% based on the Microsoft tech stack. Naturally, Global Mediator shares Microsoft’s data protection approaches and uses an extensive range of the technology giant’s security measures and tools. All corporate laptops follow a single MS Windows data security standard, and identical security configurations are applied to all of them.
Managing security through ISMS and ISO
Managing our customers’ or our own valuable information is a great responsibility, and one wrong step might result in both financial and reputational damage. Global Mediator’s ISMS helps prevent possible data breaches, guarantees a faster reaction to them, and helps reduce the potential impact of cyber breaches. Compliance with the GDPR and adherence to the ISO 27001 standards guard data security, help avoid costly mistakes related to improper IT security and data protection, and build trust in Global Mediator as a software engineering house with a well-deserved reputation.