InstaSafe: A Startup That Helps Others Avoid Data Security Threats Once And For All
As more and more people have started working from home, confidentiality and data privacy issues have been on the brim. In order to address this, leading organisations have taken ample measures, however, it seems that a gap still prevails
Over the days, Express Computer has been reporting massively on how firms have been reported numerous cyber attacks. This practice has been emulated more while organisations have been working remotely. Industry sources have said that in the past few months, tentatively there has been at least 40-50 percent rise in devices in the enterprise system, which in turn has led to a lot of cyberattacks.
Instasafe Technologies, a Zero Trust security solutions provider, has a solution to address this problem. They even acquaint us with the different types of threats that hamper enterprises, and how is InstaSafe managing this menace.
Sandip Kumar Panda, Founder & CEO at Instasafe, shares his bit.
What kind of threats can hamper enterprises?
Described as the world’s largest wfh experiment, we are in a situation wherein organisations have been forced to function with a large distributed workforce, and with inadequate security setups to back up access to remote employees. Given the astounding stats with regard to remote workforces, what this entire scenario has done is create an environment where malicious actors of all kinds thrive. We have seen instances of coronavirus related phishing attacks since January.
To cite some examples, we have seen threats like a master boot record wiper called ‘Coronavirus’, which overwrites Windows system users’ computers, and renders them useless in the process. We have also had malicious Android apps that spy on users who install them on their devices. In essence, we are faced with a situation wherein the information security team of every organisation will have to be constantly on their toes to deal with the challenge of a much larger attack surface and will have to extend remote access capabilities while keeping security capabilities in mind.
The primary risks happen when technology is removed from places wherein they can be controlled. Catering to a remote workforce brings with it the inherent risks of having a larger attack surface to protect. The fact that some of your employees may be using corporate assets on an unsecured public network brings with it the fear of threat actors intercepting critical assets and exploiting unprotected networks to launch attacks on your security infrastructure. This is further accentuated by the fact that malicious actors just happen to have a lot of free time in their hands, resulting in an exponential rise in occurrence of breaches. These threats aren’t just limited to outside attacks. Given the tough road ahead, in terms of economic recessions, it is expected that large layoffs will inevitably lead to disgruntled former employees trying to siphon off sensitive data, necessitating the need for additional layers of security.
What security trends are being observed by you in India?
The cybersecurity landscape in India has been witnessing a marked change over the last 2 years or so. With landmark judgements such as the Puttaswamy judgement on the Right to Privacy, businesses have begun looking keenly at tools that protect themselves from data breaches. This has been further accentuated by the COVID-19 outbreak, forcing companies to rethink their remote access strategies, and along with it, audit their security infrastructure. With the draft Data Protection Bill, the focus on data privacy on cybersecurity is set to reach a tipping point in 2020. In addition, IoT in India is on the rise, and along with it, viable security considerations have to be factored in, paving the way for cybersecurity companies to make a big splash in 2020.
How is InstaSafe managing the same?
InstaSafe has always been an advocate of replacing traditional solutions with cloud-based security solutions which are not only more secure, but can be scaled up within minutes, and are easy to use. We put in motion our business continuity plans as a part of which we started inspecting all our endpoints currently enabled with the InstaSafe ZTAA solution. At the same time, we contacted all our customers with regard to extension of our services to a larger part of their organisation.This was done because most organisations employing traditional solutions like VPNs didn’t have the bandwidth to expand the capacities of their VPN services at such short notice.
At the same time, we recognised one of the primary challenges that many organisations would face in the light of the outbreak and the impending lockdown it caused. Due to the lockdown, many organisations, especially those belonging to the MSME sector, were found to be woefully inadequate in terms of securing their endpoints and extending remote access to their workforce. With InstaSafe Emergency Access, we provided free installation and support charges for 60 days to these organisations, and rolled out special plans to support them thereafter.
Given that InstaSafe ZTAA is scalable on-demand, and doesn’t require significant training to use the interface, we have received an elated response from all of our customers. Our customers and internal employees have been very happy since they did not have to do much on the setup part and it was deployed within minutes across the globe. Our customers are happy since it is way secured than the traditionally used VPNs and is hassle-free since it is cloud-delivered and does not require any new hardware. On further interaction with our customers, we understood how our solution was helping them with their business continuity plans and this helped us ride on the emotions of the market and carry forth our efforts to secure organisations from the security implications of handling large remote workforces.
At this point in time, around 1 billion people are working from home across the globe and we at InstaSafe are working round the clock to ensure our solution reaches those in need and help them navigate this at these difficult times in a hassle-free manner.
What safeguarding measures can companies take against cyber threats?
- Assess the capacities of your remote access capabilities. The remote assets of an organisation are usually the most vulnerable to a breach
- Encrypt all data, have multiple back ups of critical data
- Educate and sensitise staff on the cybersecurity requirements. (Important especially in the wake of an increase in remote workforces, a majority of whom access enterprise applications on public unsecured networks
- Review your current security setup and assess the security gaps that exist in them. A majority of companies, including tech moguls, are still using legacy based security setups, which are ill equipped to handle modern day breaches.
- Regular update of all anti spyware and anti virus programs in your business computers
- Secure all Wifi networks being used to access your enterprise applications. Update passwords on a regular basis
- Update OS on all systems
- Zero Trust Angle: Use security measures like MFA, and microsegmentation to isolate access, and allow employees to access only those resources only which they need to access (A restrictive access, Zero Trust Model)
- Be open to adopting disruptive technologies like Zero Trust Security in your organisation
- What employees can and must do to work safely from home?
- Access enterprise applications on private secured networks only
- Update Wifi and system passwords weekly. Use strong passwords
- Install OS updates and app updates as soon as possible. The updates may be security patches
- Use company approved VPN, or SDP, or any remote access security tech
- Avoid phishing mails. Verify any suspicious looking mail before clicking on their links
- Avoid doing personal work on work devices
How can enterprises and their at-home workforces prevent a cybersecurity threat?
Assess. Evaluate. Secure
- Assess the capacities of your remote access capabilities
- Factor in all requirements for on premise and cloud applications that your employees use
- Evaluate gaps in your security setup for remote access employees
Test your remote access setup:
- Review the number of workers you intend to support
- Test all critical applications for capacity, down to the departmental level
- Create separate private connections for employees performing critical operations
Sensitise your employees
- Ask your remote workers to harden their routers
- List out the cloud applications being used for remote communication, and secure them
- Scammer Awareness and Sensitisation
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]