Vandana Verma

Security Leader

Un-desireable. Un-imaginable. Un-thinkable. We still have the capacity to out beat the threats to your privacy.

The time is challenging. No one ever believed that a pandemic would leave us stranded. We will be home for such a long time even though some of us always wanted to work from home but never this way. Most of the organisations are trying to keep the spirits of the employees high and making sure they are safe from the critical situation outside. For many companies especially start ups who didn’t have the infrastructure and facilities for the employees and were surviving just on the need base.

With work life and personal life so completely intertwined at home, both employees and organisations are concerned about security and privacy issues. Attackers are also using the situation to their advantage and cyber attacks are at their peak as well as the thresholds for web traffic are spiking high. For an organisation it’s even a bigger challenge how to enable their teams to work securely keep their personal and organisation data safe.

The companies who never worked in such an agile fashion from working anywhere, its a bigger challenge to cope up with, during these times. Lots of people are trying to figure out how to connect to clients' environments when VPN seems to be clogged because of the high traffic.

There are certain security challenges which organisations are facing while trying to enable the remote workforce

● Enabling remote connectivity (Virtual Private Network or other options) for the users to the organisation or client network.

● Ensuring users have technology assets like laptops/desktops, Internet connectivity etc which are approved by the IT team and as per company build standards.

● Users connecting to a public or shared wifi is a big challenge.

● How to securely host/participate in remote meetings/ client discussions.

● Access work emails through web access (ex - Outlook Web Access)

● Organisation compliance policy concerns

● Unauthorised physical access to the devices

● Employees using personal devices for official work

● Implementation of web usage policy over private internet

● Keeping track of installed unauthorised/potentially malicious software on the system.

● Providing Elevated access on the system or applications required for the business support.

● If we are allowing the users to use their personal devices then do they have security solutions on their personal devices.

● Updating the security policies and Missing security patches

● How to tackle data breach or asset loss

We as cyber security researchers have a huge responsibility on our shoulders to safeguard the organisations data from the malicious actors which are trying to take advantage by

● Spear Phishing emails especially crafted with COVID-19 themes

● Malicious actors are trying to fetch as much as details from social media

● Accidental sharing of information on the social media

● Remote access points getting compromise

Organisations can take certain initiatives to safeguard itself from any compromise:-

● Educating the users on the security best practices while working remote.

● Providing the guidance to the users on desktops/ laptops use policy.

● Periodically Sending compliance notifications to the users to update the patches or policies by connecting to the organisation VPN.

● Guiding and testing the users by running the phishing campaigns.

There are few best practices which users can follow to avoid any compromise

● Don’t click on the email links or attachment if you are not aware of the sender, it could be a scam email.

● Don’t click on any forwarded link on your company laptop, be aware of the phishing scams and attacks.

● Don’t share your personal or confidential information with anyone pretending to be from a healthcare department.

● Don’t copy any official data on your personal system.

● Do not use your personal emails or messaging apps on the same system.

● Use a VPN to connect with the company’s network.

The most important way to get the users Authentication, authorization workflows in place with the right set of access to the applications can be one of the solutions which can be achieved.

We will go back to normal but that will be ‘New Normal”. The situation is giving us a new way to look at things, how things can be planned and be uncertainty ready. This situation we are in will re-establish the importance of security which is sometimes ignored by many organisations.