The times now are quite challenging for corporations. However, almost all of them have adapted to certain technological advances that have maintained the sanctity of the business curve up and running. But, a lot of organisations have expressed the concern that cybercriminals have been pretty active at their end, and imposed threats to cybersecurity, business resiliency, and data privacy.
What are some of the guidelines that a CIO needs to abode by while there are a plethora of challenges lying everywhere? Neelesh Kripalani, Sr. VP and Head – Center of Excellence (CoE), Clover Infotech gives us some interesting details.
What are some measures CIOs should undertake to minimise the impact of Corona Virus on their businesses?
The world has mandated social distancing and lockdown as measures to physically combat the coronavirus pandemic. Enterprises and their CIOs have been left with no choice but to implement work from home (WFH). While it must be appreciated that they did not get sufficient time to do it as efficiently as they would have liked, this cannot be used to cover up for security breaches or vulnerabilities that the new landscape has brought about.
Employees are accessing enterprise applications, systems, and data from multiple devices and internet connections. This gives a lot of entry points for a cyberattack. CIOs must bolster the security across all devices and safeguard all applications, systems, and databases from unwanted intrusion that can lead to business risk and reputation loss.
CIOs should also drive measures that can educate the employees to identify malicious emails and empower the entire organization to proactively counter any malicious attempts on their technology infrastructure. CIOs should also leverage new-age technologies to build a robust digital infrastructure for employees to work remotely. This includes enabling them with secure devices, collaboration, and communication tools such as email or instant messaging, CRM, and ERP systems with secure corporate networks, and video conferencing or live streaming solutions so that the core business operations can function seamlessly.
How should organisations ensure robust cyber-security when employees are working from home?
While working remotely, establishing strong cybersecurity practices becomes essential as hackers use this as an opportunity to launch cyber-attacks. However, ensuring cybersecurity is a shared responsibility between an organization and its employees. Organizations must introduce resilient security policies and provide secure devices, collaboration, and communication tools to their employees. It must also ensure that all access to an enterprise’s data and systems is through a secured VPN.
Employees need to take some hygiene steps such as ensuring whenever they are accessing office networks from a personal device, it should have the latest anti-virus protection and that they are using secure and known connection. It is always best to avoid using Bluetooth in a public place as it is easier for hackers to connect to the device. Keeping two-factor authentication for devices, personal and professional, should be a guideline. Further, employees should always use secure, password-protected internet connections.
How do Security Analytics and Monitoring, Data masking, and redaction as solutions help during such times and in general? How does it add to the overall risk management and mitigation efforts?
We live in an economy driven by data. Technology facilitates the network for data to be ambulant and be present – exactly where it is contextual and relevant. The applications, databases and the IT infrastructure in general do play host to data which is extremely critical and sensitive from a business perspective. Safeguarding data and systems are paramount today.
A proactive approach through security analysis to track threat patterns and build intelligence to mitigate any risks to systems is what organizations need to adopt. Organizations are either building Cyber Defence Centers (CDCs) or Security Operations Center (SOC) to closely monitor flow of data in and out of enterprise systems while also ensuring that the access granted to these systems is authenticated. By learning from the patterns of anomalies, and building AI/ML capabilities, organizations are building a proactive framework to not only identify risks but also mitigate them before they can cause damage. This is done by deploying Security Information and Event Management (SIEM) solutions, data leakage prevention, and endpoint security solutions.
Data Masking and Redaction solutions are also vital because unauthorized access to mission-critical databases can not only cause huge business losses but also lead to irreparable brand reputation loss. Data Redaction and Masking solutions ensure that the databases are not compromised, and customer’s and enterprise’s data is completely safe and secure.