By Neelesh Kripalani, Sr. VP & Head- Center of Excellence – Clover Infotech
The coronavirus pandemic has forced changes for much of the business world, and cybersecurity is no exception. The spread of the pandemic and resultant lockdown has compelled organization to shift to a remote working model overnight. The number of employees working from home have skyrocketed across the globe. This has given rise to newer risks in organizations’ threat landscape. The frequency of phishing attacks have increased significantly during this time. Hackers are leveraging the current crisis to fraudulently direct funds into their accounts or just crash into a system to extract vital data. According to a news report by WHO, a fivefold increase in cyberattacks has been directed at its staff since the start of the pandemic. Due to this, some 450 active email addresses and passwords were leaked online.
This calls for introducing staunch Cybersecurity guidelines and practices. Below mentioned are the 5 basic essentials for creating a secure remote working environment.
· Ensuring employees use VPN to access corporate servers – A virtual private network (VPN) is an Internet security service that creates an encrypted connection between user devices and servers. VPNs can securely connect a user to a company’s internal network or to the public Internet. With Virtual offices becoming more mainstream, employees are dependent on digital tools to collaborate in real-time. This gives hackers the opportunity to exploit security loopholes. Hence, using a VPN becomes a must as it checks connections, using encryption protocols to create virtual P2P connections. If a cybercriminal is trying to access data that’s being transmitted, encryption ensures they won’t be able to do anything with it.
· Mandatory two factor authentication for corporate and personal devices – Employees working from home need to ensure that they use strong and unique passwords for personal and corporate devices. In addition, they should set up two factor authentication (2FA) and two-step verification (2SV) for all accounts. This provides an additional step like an email or text message confirmation, a biometric method etc. to add an extra layer of protection.
· Monitoring network and endpoint security – Companies must continuously monitor their network and end-user security. Since this should be a round the clock function organizations must use AI-powered automated programs to check the system for irregularities or invasion attempts and prompt the IT teams in real-time to take relevant actions. Technologies such as endpoint detection and response can detect new attacks and attack permutations using machine learning and behavioral analytics.
· Enhanced cloud security – Cloud environments enable organizations to enhance customer experiences, improve employee productivity and thrive, even in the remote working model. Cloud provides flexibility to employees to use the same productivity, collaboration and communication tools that they use on-premises with credentials for security. In addition to providing scalability to accommodate the sudden swell in remote workforce, cloud also offers security to increased endpoint accounts and devices due to the work from home mandate.
· Ensuring data security – As per the recent report by Verizon, 30 percent of recent data breaches were a direct result of the move to web applications and services. Since data is the black gold of the current century and it is much harder to track, govern, and protect, cloud solutions providers need to offer virtual firewalls, network security hardware, and virtual intrusion detection and prevention. However, these are at the intermediate level of security. To ensure end-to-end data protection, along with IaaS cloud solutions providers need to offer Data Security-as-a-Service (DsaaS). This complements IaaS as it integrates data protection at the application layer. This places data access services in the path between users who want data and the data itself. It is also portable because it goes where the application goes.