By Neelesh Kripalani, Sr. VP & Head- Center of Excellence – Clover Infotech
The unprecedented spread of COVID-19 worldwide, which is still not subsided, has brought about lasting changes to our professional and personal lives. It has also forced organisations and individuals to embrace new practices such as social distancing, regular hand washing, remote schooling, remote working etc. and now we seem to have adapted to the new normal!
The Bright Side of New Normal
We have shifted from face-to-face to virtual meetings, from visiting our family doctor to consulting with him online. We have traded our runs in the park for working out in front of a screen, and our kids now attend school online via Zoom or Google Meet. The good part of all this is that the life did not come to a standstill and we realized within a short span of time that almost anything could be done remotely via a computer or a smartphone.
The Dark Side of New Normal
This new normal gives us flexibility of time and place. However, it also gives rise to various challenges and cybersecurity is one of those. While the world is focused on the health and economy related challenges posed by COVID-19, cybercriminals around the globe are capitalizing on this crisis to launch well-planned cyberattacks. The cyberthreat landscape has changed drastically in recent months. In this scenario, the ones responsible for cybersecurity must aggressively confront the risks.
Here are the 10 steps that organizations can take to overcome the challenges:
1. Understand the new-age cyber risks: The threat actors are also making use of emerging technologies such as AI/ML to launch cyber-attacks. It is important for the cybersecurity team to understand the new-age cyber risks in order to prepare for the same.
2. Deploy next-generation identity and access controls: Users demand simple access to applications wherever they are, from any device they wish. This calls for a next generation of identity and access management which is driven by the constantly changing set of challenges and provides an effective cybersecurity posture for an organization.
3. Implement secure VPN: The cybersecurity challenges are far greater and more complex than ever before. A VPN provides your business with a securely encrypted connection to the network over the public internet. It provides an important piece of layered security that’s essential for data protection.
4. Adopt robust firewall management: Firewall management is vital to ensure that your business runs without any unexpected breaches. It is undoubtedly an ongoing and essential process as new technology is always incorporated into a business and the same can pose new cybersecurity related challenges.
5. Prepare IT team to set up and deploy remote access systems: Testing all remote access systems is more important than ever. Providing the IT team with a comprehensive security checklist for new systems and system changes can help in this process. This is especially important if personally-owned devices are to be used.
6. Secure the critical business data: The rapid shift to remote working has resulted in the growth of personal devices being used for official use. This is compounded by the use of home networks, which in most cases is poorly-secured. It’s vital to ensure that sensitive data is separated from personal devices or implement a dual-factor authentication for accessing such information. Storing such data in an encrypted manner can be used as an added measure.
7. Have a remote incident response system in place: In the new normal of working remotely, it is imperative for IT teams to practice incident response remotely in case of a cyber-attack (e.g. deployment of back-up remotely). The use of technology should enable fast and efficient communication between the concerned teams in such scenarios.
8. Have a ‘Zero Trust Security’ policy: ‘Zero Trust Security’ means that no one is trusted by default from inside or outside the network, and verification is required before anyone, irrespective of his/her job title, is trying to gain access to resources on the network. This added layer of security can prevent data breaches, especially via an insider threat.
9. Put stringent BYOD policy in place: It’s important for employees to understand the boundaries while using personal devices for work. Thus, there is a need to put a stringent Bring Your Own Device (BYOD) policy in place that includes employee exit strategy as well.
10. Consider investing in cyber insurance: Considering the level of risk that digitization and remote working poses to organizations, an adequate investment in cyber insurance cover is the need of the hour. When the security perimeter is breached, it is the cyber insurance that can protect businesses from the crippling financial implications of such failure.
The pandemic presents an opportunity for full-blown digital transformation. The efforts an organisation will put into its cybersecurity strategy will determine if the opportunity adds to bottom lines or turns into a business threat. By putting the above measures into effect, organizations can not only effectively reduce threats against their employees’ and their company’s proprietary data but also maintain business continuity through trying times.