CASE STUDIES

EP Production – The human factor for remote working safety

Overview

EP is the 5th-largest electricity producer in Italy, with a total generation capacity of 4.3 GW operated through six thermoelectric power plants. Together with the Czech EPH Group (Energetický a průmyslový holding), it is one of the largest electricity producers in Europe. EP Produzione operates in Italy through a number of subsidiaries and investee companies.

The challenge

The pandemic emergency has accelerated the adoption and spread of remote working. The combination of agile working and cyber security is indicative of enormous progress in terms of digitalisation, but also of major challenges. That is why it is essential to take action through training to work on the human factor.

The solution

Providing employees with comprehensive training against cyber risks, with the aim of turning the weak link in the protection system into the first line of defence against cybercrime, with a highly effective formula that allows training to be extended within the family unit as well.

The forced shift to smart working has brought new problems in terms of cybersecurity and corporate data protection.

From a cybersecurity perspective, remote or hybrid forms of working (in which periods of performance within the “physical” corporate environment are alternated with remote activities) have provided enormous opportunities for cybercriminal organisations.

First of all, due to the fact that remote working users find themselves operating in an environment that does not have the same level of protection as the corporate environment.The first factor of digital vulnerability in organisations, concerns the behaviour of employees: the technical characteristics of networks, entrusted to a “home” router not controlled by the company’s IT department, which results in lower overall security level. Indeed, the endpoints cannot be protected by all those centralised control systems (such as firewalls) that act at a network level. Not only that: remote working shifts the focus of security to the issue of authentication and management of log-in details to access corporate services and resources. This is an aspect that cyber criminals exploit to their advantage by using social engineering techniques, such as phishing, which are aimed at deceptively extorting credentials from their victims.

“The decision to start a multi-year in-company training course entrusted to Cyber Guru specialists was a natural progression from the focus on IT security that characterises our company,” says Giovanna Ruggieri, Head of ICT at EP Produzione. “A large proportion of security incidents in the IT sector result from human error, and in a hybrid working environment the risk increases exponentially. The topic of phishing was central to the training course, and equipping employees and collaborators with the tools to recognise and avoid this type of threat can greatly reduce the risk of an attack by stopping it at its source,” says Giovanna Ruggieri.

The importance of a safety culture in remote working

Another element that needs to be addressed is the inevitable confusion between the private and the professional sphere, which leads to an increase in the attack area available to hackers: personal devices may be protected by weaker passwords, and when the employee in remote working “mixes” personal, work and play-related activities, it is highly likely that one may fall victim to an attack.

That strict distinction between business and personal data and services, which in a normal context is linked to the use of separate devices, is in danger of disappearing in remote working. While technical solutions can help maintain a boundary between the two realms, the real key factor is the behaviour of the individual worker.

“In establishing the training course set up with Cyber Guru, we involved all areas of the company, working not only with human resources and IT, but also and above all with communications people,” says EP Produzione’s ICT manager. “This is done by addressing a specific topic each month, employing simple language and practical examples in the use of common IT tools,” says Ruggieri. “In our experience, this method led 90% of the company’s workers to take the course. A result that we consider extremely satisfactory.” To read the full interview prepared by Zero Uno click here.