While a basic level of data security is provided by most cloud service providers, organisations need to ensure control over the security of their own information when hosted on the cloud.
By Rana Gupta
As the world continues to navigate its way through the impact of COVID-19 across all aspects of life, many people today are working remotely away from safe office networks. This is true of metros and other cities of India. Unfortunately, this has also led to a spike in incidents of cyber-crimes threatening the security of organisations’ critical data and communications. Hackers around the world have been trying to implement various cyber-attacks like ransomware and registration of malicious domain names related to COVID-19, among others. This has impacted organisations from across industries.
Organisations should utilize this huge work-from-home exercise as an opportunity for self-evaluation of their critical IT infrastructure. Even the traditional organisations globally have realized the immense business benefit of remote working – decentralized workplaces for business continuity. This is becoming the new norm and hence they should also work towards making themselves more secure from probable cyber-attacks. It is important for all the stakeholders in the data flow chain alike to embrace cutting-edge technology solutions to mitigate risks. Various organisations worldwide are using various kinds of cybersecurity tools to ensure confidentiality, integrity, and non-repudiation of data and the overall continuity of business operations.
Cyber security risks have gained prominence with the advent of COVID-19. In this situation, there are several guidelines and solutions that can help organisations to ensure business continuity and maintain data security. With people working remotely and dependent on cloud services and remote applications, organisations are accountable for ensuring that adequate authentication and access management policies are in place to protect their networks and sensitive data.
It is imperative that organisations guard themselves against software hacking, as software methods alone may not always be sufficient enough and hackers can intrude through various means such as social hacking. Here, organisations can look at securing of SSL (Secure Sockets Layer) keys inside Hardware Security Modules (HSM).
Moreover, the transition to the cloud is expected to gain momentum with more organisations considering it as part of their IT infrastructures. While a basic level of data security is provided by most cloud service providers, organisations need to ensure control over the security of their own information when hosted on the cloud, which can be achieved using Key Management Solutions.
In addition to this, the Work-from-Home model also mandates that the employees communicate and collaborate among themselves and with partners/ customers in a secure digital environment. To make this possible, the messaging platform should have robust security features and strike a balance between convenience and protection along with a built-in encryption system.
To deal with the problem arising from use of insecure personal devices, organisations can implement Smart Access Management and multi-factor authentication solutions such as Biometric, Smart Single sign on (SSO), Grid and One-Time-Password (OTP). Such a combination guarantees applications and resources are accessed only from the devices issued by the organisation.
One must also be careful while accessing links or portals, outside of work, that otherwise appear safe. As an example, cyber criminals have been using fake links for the ‘PM Cares’ fund to dupe people. Not only does one get duped, there is also the risk of infecting organisational IT resources with malware.
Apart from these, the basic but very critical cyber security best practices like timely updating the systems with security patches, avoiding connecting unsafe external USB devices, not accessing personal social media on business devices and turning off the network discovery function, webcam and microphone when not in use should be followed by organisations as well as every individual using digital devices.
It is time for the world to adapt to the changing workplace ecosystem globally and in India, due to COVID-19. With businesses still becoming more aware, cybersecurity is rising as a core technology that is focal in keeping organisations’ and consumers’ critical data secure as they go online.
(The author is VP India & APAC Sales, Cloud Protection and Licensing, Thales)