How Are Organisations Ensuring Cyber Security While Working From Home?
While remote working has been deemed as the new normal owing to the outbreak of the pandemic, there have been enormous reports of cyber attacks too while equipping to the new normal. What safety measures can organisation abide by?
According to a national publication, hackers have accessed over 7.9 billion consumer records, and experts have been predicting that more than 8.5 billion accounts have a possibility of being exposed by the end of 2020. Last year in 2019, organisations like Quest Diagnostics, Houzz, Capital One, Dubsmash, and Zynga had expressed serious concerns over cyber attacks, and what’s even more worrying is that data is being compromised in such cases.
In order to gain a clear understanding of the same, Express Computer reached out to industry leaders, to gain an understanding about how their organisation is holding up amid such challenging times. Umesh Bhapkar, Senior Director – Systems, Synechron, says, “Cybersecurity teams in big corporations are watching out for social engineering attacks as miscreants rely on user psychology to trick them into doing something that serves the attacker’s purpose. During a time like this, attackers can capitalize on rapid change, confusion, and, at some level, fear. At Synechron, we enhanced our security policies in relevance to the current COVID-19 situation to include remote working access management, the use of personal devices and home networks and the associated risks involved. When we procured and distributed new desktops and laptops, we ensured that these, like our existing machines, also had encrypted hard drives and other security controls before allotting to the employees. The remote work facilities through a virtual private network (VPN) were enhanced with Multifactor authorization, and host checker software to make sure the end points are checked before employees are granted access.”
Now, while working from home, several safety standards have to be borne in mind, especially when employees are using their home computers that has turned out to be their work computer. Stressing on these lines Bhapkar continues, “it’s important for employees working remotely to maintain a security mindset. Thus, organisations are taking efforts to constantly create cybersecurity awareness amongst their employees as often people are the weakest link in the chain.
To control the situation in real-time, Enterprise IT Systems and networks at Synechron are continuously monitored through 24X7 Network Operations Center (NOC), which includes monitoring of our critical applications, servers, and enterprise network. Any potential security incidents involving an attempt for a data breach or web site defacement etc is quickly detected and responded to, by the Computer Emergency Response Team (CERT).”
What unique policies and initiatives has Synechron undertaken to tackle the situation, “IT administrators across organisations, are ensuring that end-user computer system and operating system auto-updates are enabled and operational. Synechron is no exception. Our teams are ensuring regular backups and store backup data in offline locations, which will help to recover quickly from potential cyber and ransomware attacks. Security is never 100% or finished, since the cybercriminals are endlessly innovative and adaptive. It should also thus be noted that cybercriminals need to be successful just once, while the defenders of the organisation need to be successful every single time to anticipate their malicious intents and remain ahead of their game.”
Murtaza Bhatia, Head – Vertical Solutions, NTT Ltd. (India), says, There are a variety of security solutions that organisations can deploy at scale or augment existing services to bolster their cybersecurity posture in an unprecedented situation such as this. These integrated solutions should account for remote working policies, with a variety of measures to protect their data and devices along with heightened monitoring and audit levels to mitigate evolving threats. Integration of multifactor authentication protocols, implementing screen locks, encryption of devices that transmit data to and from the servers and in case of theft, and enforcing tighter controls over home network security through use of VPNs are key features that a comprehensive security solution must incorporate.
Manish Israni, Executive Vice President and CIO at Yotta Infrastructure opines, “Remote working is the new normal and is here to stay. With employees scattered across regions, using different hardware and access points to connect to the Internet and office network, security concern has become a CIOs top priority. Network connectivity at home lacks the level of security an office offers. With the increase in phishing attacks to take advantage of vulnerabilities that have surfaced as a result of remote working, additional safety protocols are required to strengthen the vulnerable working environment.
Companies are required to upskill their workforce digitally and make their processes stricter to ensure that the company’s data is secure. At Yotta, we have ensured that all employee endpoints are secured and update them regularly with the latest security patches. Recently, we also conducted a Phishing simulation exercise to make our employees alert so that they do not fall prey to it in the real world. As a technology service provider, we have access to the latest and best security tools.”
How is Yotta using VPN access for IP protection?
“We use VPN access for IP protection and encrypted data transfers. Password audits are conducted and our IT team ensures that the user’s data is backed up on the cloud regularly. Every employee needs to have security awareness to act safely with company devices and data at all times, whether working from home or office, signs off Israni.