In light of the pandemic that has taken the entire world by storm, starting with China and then the European Union turning out to be the new epicenter, businesses have suffered big blows. The negative disruption brought forth by the global outbreak of the COVID-19 virus (popularly known as the novel Coronavirus) has led most organizations to enable their employees to work from home to ensure the continuity of their business. However, this brings with it several implications from the cybersecurity perspective, along with people management issues in general. To throw some light on these issues, top security and risk management leaders took part in an intriguing virtual panel discussion on the topic ‘Cybersecurity enabling businesses in COVID-19 situation’ on 21st March 2020, hosted by CyberFrat – an enterprise risk management community.
As we write this, India’s count of people infected with the novel COVID-19 virus is far lower than that of others, yet the rise is alarming. The unprecedented change in the working styles of almost every employee today has received mixed reactions. However, it is of utmost importance to ensure that security protocols are thoroughly observed to minimize losses to businesses in these testing times. As a step to spread awareness regarding the best practices in this regard, CyberFrat hosted a diverse panel involving exponents in technology, cybersecurity and risk management from multiple industry domains. The distinguished panel consisted of:
Views mentioned during this online panel discussion are purely situational and advised from learning and sharing from the experience of the fellow practitioners on the CyberFrat platform. The views expressed by the speakers are their own personal views and do not represent the views of the organisations they represent. All readers are advised to practice discretion before the application of any resolution advised during this discussion.
The panel kick-started the discussion with an understanding of the impact that the COVID-19 situation has had on the current state of affairs, admitting that social isolation has helped but the worst might be yet to come. Drawing similarities with how the WannaCry ransomware had impacted the world in 2017, the esteemed speakers spoke about how the impact of the current crisis has been very serious, with India being at the tipping point. Lockdowns shall jeopardize the Business Continuity Planning (BCP) of organizations and have large downstream impacts. Looking at the bigger picture, there is a rising need to combat the increasing fear, mass hysteria, and risks by exploring possibilities where technology can intervene to solve the crisis. The obvious solution amidst social distancing is effective and efficient remote working, for which CISOs have a huge role to play along with other business leaders in understanding the organization’s investments in security and Work-From-Home (WFH) capabilities and the readiness of its employees to adapt to the inevitable transition smoothly. Fortunately, many organizations have been able to survive because of timely precautions taken.
“The impact on the business is very high, but things will change for the better. It’s a good lesson learned.” – Mr. S V Sunderkrishnan
It is quite a logistics puzzle for companies to properly implement the temporary shift to WFH for the safety of their workforce. Barring the additional costs in procuring hardware, a lot of security software needs to be installed on the laptops that employees shall use at home. Moreover, with laptops getting scarce in availability, the trend of employees carrying their office desktops home is likely to continue, bringing with it the challenge of monitoring changes made in company desktops outside office premises. While working on the Cloud is a good option, cost factors and managing shared responsibilities in the Cloud environment can be challenging. The new work culture has increased the chances of security threats by 4 times, with added responsibilities in enforcing policies on personal devices, filtering out genuine and malicious activities, giving special attention to critical mechanisms, and spreading awareness about phishing, spam mails, spear phishing, social engineering, and fraudulent calls. The panel also discussed how employees usually show erratic behavior while working outside the office, often due to distractions at home, impacting business applications. However, organizations must tackle multiple problems strategically instead of rushing into forming solutions.
“Don’t put all eggs in one basket. Deal with concentration risk wisely. There is no shortcut to success!” – Mr. Kalpesh Doshi
Acknowledging the fact that remote access policies are very crucial at this point, the panel discussed how organizations should plan to scale up applications, especially the ones involving regulated data. Some of the key insights from the technical aspects of the WFH culture are:
As most organizations struggle to identify critical processes and follow government norms, it makes sense to admit that only a fraction of all business functions can be carried out by employees from home. Processes involving regulated data should be kept inside office premises; otherwise, they shall be exposed to an increased array of cyberattacks. BCP has to be scaled up from the usual coverage of 10-15% of business processes alongside ensuring cyber-resilience and maintaining cybersecurity hygiene. As in most other cases, digital transformation is to play a major role in implementing the required strategies, such as outsourcing security functions to specialized cloud service providers, enabling helpdesk teams with remote access, devising multiple backup plans, etc. Only a proactive approach to dealing with such unprecedented events and timely mock-drills can provide the required immunity to companies. From a people management perspective, it is essential for all employees to stay connected as much as possible. Employees should work productively from secured areas following all security measures and work schedules, avoiding public unsecured networks. To maintain the right levels of motivation and to avoid legal trouble, the leadership teams must focus on communicating security awareness to minimize human errors and keep employees happy by giving them the usual attention and taking initiatives such as organizing virtual happy hours.
“We are talking about social distancing but in reality, this is just physical distancing. We can still stay social and connected.” – Dr. Aditya Mukherjee
The panelists, apart from engaging in the discussion amongst themselves and busting several myths associated with the WFH culture, also answered the queries of the inquisitive audience. Here are some of the insights that were gained from these engagements:
The engaging 90-minute-long panel discussion threw light on several key cybersecurity aspects revolving around the BCP standpoint of modern businesses in the ongoing global crisis. It was evident how communication is the major key for the activities to stay in BCP and to keep motivating employees. Security is the main enabler amidst technological enforcements, yet the human factor has to be addressed as well. Moreover, hygiene must be observed everywhere and communicated properly to all stakeholders.
“This is great learning for all businesses that are largely dependent on IT – we have to still remain in touch as human beings rather than just users of technology.” – Mr. Ajay Bhayani
The session concluded with the distinguished panelists appealing to the general public to refrain from sharing viral content that can unnecessarily spread panic and to avoid overbuying necessities such as groceries as that can impact us heavily later.
Wishing all our readers a safe journey ahead!
The CyberFrat Team