Recognising the potential harm of a host of threats brought on by employee naivety, Bahri & Mazroei Trading Company’s IT manager Madhusuthan opted for a fresh security solution to tackle social media overuse and abuse.
Only the foolhardy – and the uninitiated – now doubt the benefits of social media. The ability to interact with and learn from an estimated 2.3 billion users around the globe is a huge opportunity for enterprises. The UAE in particular is primed for social media opportunities, with the country boasting the world’s highest smartphone penetration at 74 percent. The other side of the coin, however, is that social media can be a thorn in the side of a business keeping an eye on employee productivity. Worse still, it can be a magnet for security threats.
Bahri & Mazroei Trading Company (BMTC) could relate all too well to that predicament. Established in 1968 in the UAE, BMTC started its operations in product supply and the distribution of electrical and lighting solutions. Over the last four decades, the company has expanded its portfolio to include urban and water solutions, and its work has gone on to touch some of the region’s biggest landmarks. These include world-renowned sites including the Burj Khalifa, Dubai Metro, Dubai International Airport and the Madinat Jumeirah.
Besides catering to projects within the construction industry, BMTC also serves industrial and government departments, traders and export customers through its network of seven showrooms across the country.
The back office operations that make all this possible, however, require levels of IT security that cannot be compromised by user ignorance. BMTC’s IT manager Madhusuthan recognised that inappropriate use of social media on company time held the capacity to cause a number of problems. “We wanted to make people use technology, so rather than controlling them, we decided that monitoring them was the best policy,” he says. “I think there’s a risk that if you block certain services, it becomes increasingly likely that people will be deterred from using technology altogether.”
Madhusuthan concedes that although social media is prevalent in the modern enterprise, he and BMTC’s senior management could not justify a lax policy towards its use. “While there are some businesses that use social media as their CRM solution, it’s not really applicable in our case,” he says. He does feel that certain platforms should naturally be exempt from the ban, however. “LinkedIn is a tool which can be used at full value for business opportunity management. It’s a great source of new professional information. Everyone is using LinkedIn these days so it has to be used.”
Skepticism around employee use of social media was more than justified. BMTC had previously experienced the effects of ransomware, with company endpoints being held hostage to cybercriminals. Suffice to say, Madhusuthan was keen to avoid a repeat of that process. “We needed better security of our network, with reduced risk for these kinds of threats,” he says.
With IT security always a sensitive subject, Madhusuthan opted to continue using the services of one of BMTC’s long-term partners. “We have been using Cisco for the last twenty years, so there is an established level of trust with them,” Madhusuthan says. BMTC decided to implement a suite of Cisco security solutions, comprising its Next Generation Firewall, which integrated ASA 5545 – X with FirePOWER Services, centralised authorisation tool FireSight Management Centre 750, Cisco’s URL filtering service and Advanced Malware Protection.
The BMTC IT team set to work on the initiative, and, eager to realise the benefits of effective social media monitoring, completed the implementation in the space of a month, with work largely completed outside of office hours to avoid downtime. Madhusuthan’s strong relationship with the company’s senior management – who were very keen to experience benefits of a new solution – was a catalyst in the project’s haste. “Getting their approval was fairly straightforward,” he says. “The implementation was a case of revamping existing firewalls and solutions, but updates that stood to provide a great deal of new value to the company.” Nonetheless, BMTC became “one of the first” companies in the Middle East to implement the solution, a source of pride for Madhusuthan.
BMTC’s IT department now has a centralised management platform for security threats, and has helped to accelerate the company’s smart initiatives. The solution has allowed BMTC to filter employees’ social media use according the classifications set by Madhusuthan. “Previously, we didn’t know how much time employees spent on social media, but we have now implemented an effective tool to give us peace of mind that they are not abusing the limits that we set for them,” he says. “We don’t want to cut their use off altogether, but it’s more about bringing in reasonable levels of control. Employees who frequent sites like Facebook and YouTube too often, as well as those who are downloading content – which creates bottlenecks – can be stopped.”
Madhusuthan says that the solution has already prevented a host of employees from downloading film torrents via the company network, which is already reducing the risk of malware being brought into BMTC. “These attempts are immediately blocked,” he says. “This has saved the time of our IT staff in protecting BMTC from viruses that can easily be introduced.”
As attempts to determine the solution’s impact continue, Madhusuthan is confident that tangible benefits will be apparent in time. “Our analysis is still ongoing, but the solution is allowing us to monitor the management of a variety of technologies, so I’m sure it will be deemed a success.”
Well aware of the need to educate employees about the range of cyber-threats that BMTC is exposed to through accessing malicious content, he has spearheaded a campaign to educate users about the importance of safe online practices. The IT department now “frequently” sends information to employees and gives face-to-face tips on how they can be more cautious.
Madhusuthan feels the way that this information is shared can be the difference between whether an employee takes note or simply discards what they are sent. “If we send them an email with links, people don’t necessarily understand what we are trying to convey,” he says. “The information that we send our employees has to give short, sharp tips on simple things that they can do. Most importantly, we have to show how it can benefit them and help the work they do, so it’s important for the IT department to translate business value into employee value.”
He opines that user education is paramount in ensuring the success of the initiatives that IT delivers. “It’s essential,” he says. He has also partnered with the company’s HR department to ensure that staff take the threats seriously, and that safe IT practices have to be a firm pillar of company policy.
“When alerts flash up from the IT or HR department, people tend to look,” he says. “It’s not always clear for employees what company policy can be, so that’s why we’ve brought HR on board to clarify this. They can then take this information on board in a matter of a few short bullet points. In terms of IT security, educating users about devices and products is still so important.”