How we are successfully managing & delivering the Cybersecurity Services during COVID-19 situation?
By now, we all already went through COVID pandemic’s first wave. The second wave has started hitting the world. Though this was a completely new experience to almost all businesses, but a few got adversely affected and found it difficult to learn the new normal. Just like our health, Cyber Security has to get utmost attention along with the business continuity. While we had an important responsibility to protect our customers and their valuable data, we had to make sure we are mature enough to do it seamlessly.
As the COVID-19 public health crisis started spreading, we were having serious thoughts on how we can break the chain and protect our employees. Remote working was no more a new phenomenon, but lots of IT companies were reluctant to provide the work-from-home option to their employees due to Infrastructure facilities, Security & Privacy concerns, Communication challenges, and many more reasons. Infoshare-Varutra had a long vision on how things will go in this year, 2020. The COVID-19 pandemic has brought a massive cultural shift among employees. Remote working culture has now taken a central place, and employees around the globe have been adjusting their seats to meet their organizational needs. Let us look at how we are successfully managing & delivering our cybersecurity services in this COVID-19 situation as our employees are working remotely from home.
Quick and Right Decision
As our management was up to date on the latest alerts of the pandemic and the HR Team was also very vigilant about this, they have developed a new policy for work from home, arranged required facilities within a short period of time, and made the correct decision by allowing everyone to WFH even before the lockdown was declared by the Indian government. Because of these measures, some of our employees were able to move to their hometowns, especially those who were living alone and relying on others for their daily needs. Therefore, none of the employees has faced inconvenience due to the lockdown or got infected by COVID-19 yet, which resulted in smooth, uninterrupted and productive work in such a hard time.
Equipped with Technology
We had already established technologies such as High bandwidth internet with backup lines, secure labs for performing assessments, remote connecting software, controlled assets, VPN connectivity, etc. We rapidly took the snapshot of the same to address any additional technology needs for remotely working employees. We have strengthened our project management systems and processes and overall working styles, which is helping us to save time and keep track of the workflow. It helps team members stay updated and work collaboratively with their peers.
For quick collaboration & video conferencing, we use visual cues & messaging functionality tools like Hangouts, Microsoft Team, Skype, and Google meet across the organization to connect internally or with clients, which can be used for simpler, less formal conversations, time-sensitive communication as well as reducing the sense of isolation among teams. We have also given importance to a few automation tools to help the team manage their ongoing contributions remotely with more efficiency. We follow the bottom line of handling everything securely with required flexibility. In fact, we have shared a few advisories such as how to use Zoom-like applications securely. You can read it at https://www.varutra.com/?s=zoom
Build Effective and Secured Infrastructure for Virtual Workplace
As we had to organize and manage everything remotely, the important challenges were to build an effective and secured infrastructure. We assigned a digital workplace manager and support team to help employees work remotely, assist and provide tools needed for the remote workstation.
We provided secure VPN access to enable our employees to access our network and respective resources from home post verification of the employee laptop security as per the process which helps to enhance the security posture. A dedicated Internet allowance has been provided to employees during the pandemic and follow-up from the respective authorities to ensure stable connectivity during the work timings. As the rate of cybercrimes has increased during the Corona outbreak, security is the main concern, having strong passwords often isn’t enough. To add an extra layer of security for protecting our employees’ accounts, we introduced two-factor authentication and verification. We back up all important files regularly and use advanced and updated endpoint antivirus solutions that detect and block known malware. Also, we have a rigorous checking process for monitoring the network traffic to identify anomalies.
Training and Security Awareness
Learning & Development are key factors that every individual would look for. We often conduct training sessions for our teams to help enhance their skills and knowledge owing to the need for keeping them vigilant about various social engineering attacks.
We asked the Attack & Pen-Test team to conduct spear phishing attacks on our employees for alerting them about the evolving cyber threat environment. Being into the Security consulting business, giving cybersecurity awareness training to employees has helped our team avoid cyber threats. The precautionary measures have helped them remain focused and hyper-vigilant about suspicious activities.
Project Execution & Security
Once upon a time, working from home was a rarity; however, it has now become a necessity because of the pandemic. Infoshare-Varutra has ensured that the assets of the employees, as well as the client data stored on these assets, are safe and project deliverables are delivered on time. The following are some of the steps that have been taken to ensure security as well as timely deliverables when it comes to project execution:
- Every employee is required to connect via the VPN to the office network for the assessments being carried out.
- Using Active Directory for all company assets to make sure that the policies for all the assets can be controlled from a single domain controller. Some of these policies include strong password policies, idle lockout for the asset which locks out the user upon a specific interval of inactivity, etc.
- Implementing strong password policies across resources to ensure that the data stored on the assets are safe.
- Following strict policies such as patch management, updating anti-virus& anti-malware software, endpoint security solutions, network defense technology, periodic VAPT, and Application Security assessments.
- We have security testing labs with security assessment tools, and UAT servers for development teams.
- We follow regular, easy to take and manage project data backups across the organization
- The Managed SOC team has been performing security monitoring of the traffic for attacks, alerts, events along with systems health statuses.
Flexible and Task-Based Work Environment
While working from home, it was not easy to micro-manage everything. A few team members faced challenges like poor internet connectivity, power cuts, technical issues, etc., which made it challenging for them to do everything like in the office, but all that was handled wonderfully by effective coordination and real-time status updating of the tasks. We procured tasks management software.
Instead of focusing on activities, our leaders and team members concentrated more on the outcome. Quantitative and Qualitative support was delivered by all the team members while meeting the client project deadlines and taking appropriate measures to address any situation. It is equally important to keep employees’ morale high in this time and hence we are working with added flexibility to the employees and trying to see how we can make their work easier without compromising on quality.
In conclusion, the pandemic has created enormous challenges for continuing regular operations of businesses which led us to improvise our methodology and work culture. With robust network infrastructure, we have continued our regular operations to provide security services. Also, with new upcoming vulnerabilities in the pandemic, we have also implemented a Cyber Security Advisory and launched Cyber Threat Post to spread awareness of the upcoming threats and attacks. Finally, we have overcome these cons; we tried, learned, and succeeded to manage & delivered our cybersecurity services in this COVID-19 situation by working remotely from home and adapting to the new normal.