How we are successfully managing & delivering the Cybersecurity Services during COVID-19 situation?
By now we all have already gone through the COVID pandemic’s first wave now the second wave started hitting all over the world. Though this was a completely new experience to almost all businesses, few really been adversely affected and finding it difficult to learn the new normal. Just like the health front on cybersecurity has to get utmost attention along with the business continuity. While we had an important responsibility to protect our customers, their valuable data, we had to make sure we are mature enough to do it seamlessly.
As the COVID-19 public health crisis started spreading, we were having serious thoughts on how we can break the chain and protect our employees. Remote working was no more a new phenomenon, but lots of IT companies were reluctant to allow work from home to their employees due to Infrastructure facilities, Security& Privacy concerns, Communication challenges, and many more reasons but we at -Infoshare-Varutra had a long vision on how things will go in this year 2020. The COVID-19 pandemic has brought a massive cultural shift among employees. Remote working culture has now taken a central place, and employees around the globe have been adjusting their seats to meet their organizational needs. Let us look at how we are successfully managing & delivering our cybersecurity services in this covid-19 situation as our employees are working remotely from home.
Quick and Right Decision
Our management was up to date on the latest alerts of the pandemic and the HR Team was also very vigilant about this, they have developed a new policy for work from home, arranged required facilities within a short period of time, and made the correct decision by allowing everyone for WFH before lockdown declared by the Indian government, so due to that reason our some employee was able to move to their hometown who are living alone and rely on others for their daily needs like food, etc. and due to that reason, none of the employees has faced side effects of lockdown and infected by Covid-19 yet which result working smoothly, uninterrupted and productive in such a hard time.
Equipped with Technology
We had already established technologies such as High bandwidth internet with backup lines, secure labs for performing assessments, remote connecting software, controlled assets, VPN connectivity, etc., We rapidly took the snapshot of the same to address any additional technology needs for remotely working employees. We have strengthened our project management systems and processes and overall working styles which helps us to save time and keep track of the workflow. It helps team members stay updated and work collaboratively with their peers.
For quick collaboration &video conferencing, we used visual cues & messaging functionality tools like Hangouts, Microsoft Team, Skype, and Google meet, across the organization to connect internally or with clients which can be used for simpler, less formal conversations, time-sensitive communication as well as reduce the sense of isolation among teams. We have also given importance to few automation tools to help the team manage their ongoing contributions remotely with more efficiency. We followed the bottom line of handling everything securely with the required flexibility. In fact, we shared a few advisories such as how to use a zoom-like application securely. You can read it at https://www.varutra.com/?s=zoom
Build effective and Secured Infrastructure for Virtual Workplace
As we have to organize and manage everything remotely, the important challenges were to build an effective and secured infrastructure. We assigned a digital workplace manager and support team to set up work remotely, to assist and provide tools needed for the remote workstation.
We provided a secure VPN to enable our employees to access our network and respective resources from home post verification of the employee laptop security as per the process which helps to enhance the security posture. A dedicated Internet allowance has been provided to employees during the pandemic and follow-up from the respective authorities to ensure stable connectivity during the work timings. As cybercrime has increased during the outbreaks, so security was the main concern, having strong passwords often isn’t enough. Two-factor authentication and two-step verification involve an additional step to add an extra layer of protection to an employee’s accounts. All-important files should be backed up regularly and we ensured a good & advanced endpoint antivirus is in place and fully updated for detecting and blocking known malware. A rigorous checking process followed for monitoring the traffic for any anomalies.
Training and Security Awareness
Learning & Development is a key factor that every individual would look for. Our Cross-training delivered among teams has enables skills enrichment & new learning ability. By Reinforcing the need for remote workers to remain vigilant to socially engineered attacks.
We asked the Attack & PenTest team to conduct a spear-phishing attack on our employees alerting them to the escalating cyber threat environment. Being into the Security consulting business giving Cyber Security awareness training to employees has helped our team avoiding cyber threats & its precautionary measures to reminding them that they must remain focused and hyper-vigilant to suspicious activities.
Project Execution & Security
Once upon a time, working from home was a rarity; however, it has become a necessity because of the pandemic. Infoshare-Varutra has ensured that the assets of the employees, as well as the client data stored on these assets, are safe and project deliverables are delivered on time. The following are some of the steps that have been taken to ensure security as well as timely deliverables when it comes to project execution:
- Every employee is required to connect via the VPN to the office network for the assessments getting carried out.
- Using Active Directory for all company assets to make sure that the policies for all the assets can be controlled from a single domain controller. Some of these policies include strong password policies, idle lockout for the asset which locks out the user upon a specific interval of inactivity, etc.
- Implementing strong password policies across resources to ensure that the data stored on the assets are safe.
- Following strict policies such as patch management, updating anti-virus& anti-malware software, endpoint security solutions, network defense technology, periodic VAPT, Application Security assessments.
- We provided up security testing labs with security assessment tools, UAT servers for development teams.
- We follow regular, easy to take and manage project data backup across the organization
- The Managed SOC team has been performing security monitoring of the traffic for attacks, alerts, events along with systems health statuses.
Flexible and Task-Based Work Environment
Working from home, it is not easy to micro-manage everything. Few team members faced challenges like internet connectivity, power cut, technical issues, etc., which make it challenging for them to do everything like in the office, but all that which has been handled wonderfully by effective coordination and real-time status updating of the tasks. We procured tasks management software.
Instead of focusing on activities, our leaders and team members concentrated more on the outcome. Quantitative and Qualitative support was delivered by all the team members while meeting the client project deadlines and taking appropriate measures to address any situation. It is equally important to keep employee morale high at this time and hence we are working with added flexibility to the employees, keep trying to see how we can make their work easier without compromising on quality, etc.
The overall conclusion, the pandemic has created enormous challenges for continuing regular operations of businesses which lead us to improvise our methodology and work culture. With robust Network Infrastructure, we have continued our regular operations to provide security services. Also, with new upcoming vulnerabilities in a pandemic, we have also implemented a Cyber Security Advisory and launched Cyber Threat Post to spread awareness of the upcoming threats and attacks. Finally, we have overcome these cons; we tried, learn, and succeed to manage & delivered our cybersecurity services in this Covid-19 situation as working remotely from home and adapted to the new normal.