Covid-19 has shaken the whole world and brought everyone's life to a halt. This highly contagious disease is spreading so fast that the Indian Government has ordered 1.3 billion residents to stay home for more than 40 days now. Malls, theaters, companies, shops, restaurants, and manufacturing units are all shut. Businesses and the economy have taken a severe hit. Many organizations have asked their employees to work from home.
A company has to take permission from its client if an employee has to work on the client's data from home. Employees need a laptop, a good internet connection, communication gear, and work-related hardware and software. Technology has made it easy to do everything online, such as meetings and attendance. Data security is of prime concern when working from home.
We asked a few founders how they are keeping their data and businesses secure.
Sequretek is a Mumbai-based Indian cybersecurity company with offices in Gurgaon, Bengaluru, and the United States. We talked with Pankit Desai, co-founder and CEO of Sequretek, about how to keep data and business cyber secured with work from home, or WFH, becoming a norm.
In the pre-Covid-19 era, employees working across companies were issued laptops and other devices which were checked for security flaws, and appropriate endpoint protection was loaded into them. The entire network architecture and endpoint devices were periodically patched and checked for security lapses. As WFH was enforced without any notice, companies didn’t get the time or the option to issue cyber-safe devices. In some cases, there weren’t enough devices to allocate. Thus, employees are relying on personal laptops, tablets, and other gadgets over unpatched home networks and accessing, sharing, and trading possibly sensitive information with each other to do their work. One of the main concerns we see is that the same devices are being used for personal reasons like searching for a plethora of information, from coronavirus updates to online purchases, in your free time. So if hackers gain access to personal devices, they can acquire log details and texts, and there is a good chance that your credentials have been siphoned off. Those credentials can then be used to carry out various attacks. We are aware of certain cases where significant attempts have been made to steal credentials. In order to not be compromised, you can try a few things to help protect your system from such malicious attacks:
- Hygiene: Start treating your personal assets as if they are corporate issued. Try not to access any external storage devices and websites that you would not be permitted to access if you were working in your corporate environment.
- Endpoint security:
  - Enterprises should make sure that all the devices (both company issued and personal) that are being used to access the company’s network have updated security software with auto-enabled patching. Use freely available antivirus software or 30/90-day trial version products, if needed.
  - Avoid using Windows 7 as most security products don’t support this operating system anymore. If you are still using it, ensure that the antivirus software is enabled. Windows 10 would be preferred as it comes with in-built security features.
  - Freemium antivirus: Avast/TotalAV; 30/90-day free trial: Norton/McAfee/Trend Micro. Also, check out www.cert-in.org.in.
- Network security devices and rules will need to be reconfigured to support external communication:
  - Enterprises should ensure that the security monitoring capability understands the difference between company owned and personal devices that are now plugged into the network. It will help understand any abnormal behavior and can bring down the number of false positives that may otherwise create a worrisome situation.
  - Install a firewall if one doesn’t exist. Options range from low end to expensive ones.
  - Review the rules on firewalls to ensure they are valid and no gaps exist. For every mobile user, create a policy on the firewall for access. Secure the communication with VPN technology.
  - Most firewalls have a VPN feature. Use the same or open-source options. Try multi-factor authentication to prevent any abuse of credentials.
  - Enterprises can also implement geofencing to restrict traffic within their networks. For example, if most of the employees working from home on a project are from Mumbai, then the company can make sure that any IP outside the city will not be allowed to access the environment.
  - Also, lock the specific set of assets to an environment so that people from outside that particular geography can’t access specific environments.
- Make sure your servers are patched and all recent vulnerabilities are fixed. Servers need antivirus software too.
- Make sure all your OS/DB/network devices are hardened.
- Review your applications and make sure they don’t have any loopholes which can be exploited.
- Ensure proper credentials and authentication mechanisms exist for your applications.
- If feasible, take up services of security monitoring that can help you identify credible threats.
- Windows Defender is free with all Microsoft operating systems. WSUS is free for Microsoft patching.
- Several open-source vulnerability scanners are available: Burp Suite/Wireshark/Nmap.
Surmount Business aims to become a strategic partner to entrepreneurs and enterprises and help them expand beyond their existing roots, professionalize their operations, and enhance their capital efficiency. We spoke with Niraj Bora, the founder of Surmount Business, about how to keep data and business cyber secured with respect to the WFH culture.
Tools such as Dropbox and Google Drive are safe for file sharing and also provide real-time sync, separate team logins, accidental delete recovery options, etc. These options make sharing very convenient. Communication and project management tools like Zoom, Slack, and MS Teams have good functionality and are helpful for work allocation, tracking progress, email and chat integration, cloud integration, etc. Paid subscriptions further increase the utility to include call recordings, multiple team member logins, etc.
Excess2sell is India’s leading B2B excess inventory marketplace which covers multiple verticals. We spoke with Mr Amit Kundra, Technology Director, about how to keep data and business cyber secured when WFH is becoming a norm.
Work From Home (WFH) has been the biggest challenge across businesses during the lockdown, especially in India where businesses still run the traditional way. The lockdown imposed on us due to COVID-19 has left us with no choice but to WFH, and since most businesses, especially the SMEs, had never experienced this way of working prior to now, it has been a paradigm shift for enterprises. In such times, the only way to achieve business process continuity is through digital transformation, work automation, and mobility.
We at Excess2sell.com managed to keep the processes going in this crisis situation, as our E2S Ecosystem has been architected in such a manner that the majority of our business processes are automated, run independently, and are tightly integrated with each other. This has really helped us to continue with our tech development, member on-boarding, activation, CRM support process and departments, and most importantly, to keep customer-facing apps running seamlessly without any hindrance, factoring in all security aspects.
On the Infrastructure side, we decided to manage it out by categorizing it under two heads with strict guidelines:
- Use your own laptop.
- Company desktop / laptop with guidelines issued to all employees.
  - To beware of phishing emails.
  - To avoid use of public Wi-Fi.
  - To ensure home Wi-Fi routers are sufficiently secured.
  - To verify the security of the devices that they use to get work done.
  - To avoid clicking links in emails from people they do not know.
  - Installation of third-party apps should be confined to bona fide app stores.
  - Daily backups.
Since security was a bigger concern than the speed of work while allowing employees to WFH and ensuring business processes don’t get stalled, we immediately actioned Privilege Access Management and transitioned our tech development completely onto offline mode. All new developments and product enhancement work are now being carried out on a separate secured Temporary Cloud bucket besides the ones regularly used, considering best practices, and team collaboration is happening via Slack.
Tracking of every login to the system, multi-factor authentication, and Bitbucket and webmail monitoring processes should be strictly followed. Access to all High Availability Production Apps and environments is/should be restricted to a bare minimum mode, and only VPN connectivity should be permitted in case of any critical or urgent release need.
To make communication smoother and faster with customers as well as internally, WhatsApp is being used as a part of enterprise communication along with SMS and email channels. Customers send their documents through WhatsApp or emails and they are tagged through Mobile or Web apps. Other tools that we recommend for efficient collaboration of the team in such times are Slack or Zoom.
These are hard times for businesses and IT budgets will be impacted in more than one way. But considering the new working normal and moving forward, businesses should invest more in IT to enable employees and customers to operate seamlessly in such unavoidable circumstances in the future. Businesses will definitely benefit by enabling and allowing complete digitization and mobility.
The need of the hour for every business moving forward is to be proactive in defining business-specific digital solutions rather than being reactive to similar kinds of crisis conditions in the future.
Volksara Techno Solutions
Volksara Techno Solutions Pvt. Ltd. is an all-in-one provider of remedies pertaining to the comprehensive security and safety solutions and integration of products, systems, and services. We spoke with Saily Lad, Director, about how to keep data and business cyber secured when WFH is becoming a norm.
Due to the extraordinary circumstances we are navigating, working from home has become the norm for a lot of people and companies, possibly for the first time in their lives. This has not been a common practice in the past and hence, there is a severe lack of a strong cybersecurity policy and standards to keep one’s data safe. In fact, every time an employee connects to a corporate network from their homes, they are creating access points that can possibly be exploited by hackers. When this happens over 1000 times on a single network amid lockdowns, it becomes increasingly difficult to guarantee security of each and every connection.
What we can do in such a scenario is to encourage employees to use a VPN at all times, especially when working with sensitive data. Additionally, we should encourage the use of cybersecurity tools that are capable of performing simulated attacks across remote connections in order to assess risks. This can greatly help determine the extent to which our current settings and defenses are effective, and what changes need to be made to keep our organisations and data safe.
TechChefs Software focuses on product engineering and multi-cloud engineering. Pratap Simha, the founder and CTO of TechChefs Software, discussed how to keep data and business cyber secured while working from home.
Today we live in a world where everything and everybody is interconnected. Technologies like cloud, automation, artificial intelligence, and robotics, to name a few, have made it much easier to stay connected with one another, both at an individual and at an enterprise level. But these advancements have also brought security threats which can pose a significant threat to data, confidential information, and everything else. Fortunately, a host of antidotes are available, the basic ones being firewalls, antivirus software, anti-spyware software, and password management software.
Over and above these, there are a host of tools/activities which, when diligently followed, can have a significant impact on staying secure:
- Encryption of data and creating back-ups:
The two most important aspects in staying secured are (1) to prevent sensitive information/data falling into the hands of hackers and (2) rendering the data useless if it falls into the wrong hands.
Here, encryption plays a significant role in addressing the issue. In parallel, create a robust data backup to fall back upon in the event of any breach.
- Safeguarding the hardware:
Much has been spoken about security from the software aspect. Theft of computers/laptops can also pose a threat. It therefore becomes important to secure the hardware system with a complicated and difficult-to-break-into password. Virtual Desktops on the Cloud are gaining popularity among enterprises and eliminate the aspect of hardware theft.
- Cyber Security Insurance:
Insurance for data, a relatively newer concept, is gaining popularity. At the end of 2019, cyber security was valued at USD 1.97 Billion with projections to be at USD 3.05 Billion by 2022. According to a joint study by PwC India and Data Security Council of India (DSCI), the average cost of a data breach in the country has gone up to INR 11.9 Cr, an increase of 8% from 2017. The losses incurred due to breaches can be best mitigated by investing in cyber security insurance. It is estimated that the yearly cyber premium is in the range of Rs. 80 – Rs. 110 crores with IT/ITES and Banking & Financial sectors as early adopters.
Internally, creating a security-focused workplace culture and educating all employees about the pitfalls of an unsecured network makes it binding on every employee to be responsible for data security.
ADDA is a must-have for apartment residents. The App by ADDA is fully integrated with the ADDA SaaS platform, which is meant for Community Administration. We spoke with San Banerjee, the co-founder and CEO of ADDA, about how to keep data and business cyber secured when WFH is becoming the new norm.
There should always be a single secure entry point into all the digital systems, and all other online systems should authenticate with this system. Email from Google Apps is ADDA’s single secure entry point and also serves as the company email inbox. We follow a default two-factor authentication system that cannot be turned off by employees. During on-boarding, their registered cell phone number is set as the second authenticator.
The other online portals we use, like CRM, Support Ticketing, etc., are all synced to the single Google mail for authentication. For an in-house system, whenever employees log in, an email with a 6-digit OTP is sent to their company email inbox. Without this OTP, access to the internal systems will not be allowed. Also, if a preset number of tries is exceeded, we deactivate the account and also send an email to the admins. When an employee leaves, deactivating the company email is sufficient and that automatically removes their access to all other portals instantly.
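The emailed-OTP login step with lockout and admin notification described above, sketched as an added example that is not ADDA's code. The class name, the `send_mail` callback, the admin address, the five-minute validity window and the three-try limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed validity window; the article gives none
MAX_TRIES = 3           # assumed value for the "preset number of tries"

class OtpLogin:
    """In-memory sketch of an emailed 6-digit OTP step with lockout."""

    def __init__(self, send_mail, admin_addr="admins@example.com"):
        self.send_mail = send_mail      # hypothetical callable(to, subject, body)
        self.admin_addr = admin_addr    # placeholder address
        self.pending = {}               # user -> [salt, digest, expires_at, tries]
        self.deactivated = set()

    @staticmethod
    def _digest(salt, code):
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def start(self, user, now=None):
        now = time.time() if now is None else now
        if user in self.deactivated:
            return False
        code = f"{secrets.randbelow(10**6):06d}"    # CSPRNG, keeps leading zeros
        salt = secrets.token_bytes(16)
        # Keep only a keyed digest, so a dump of pending state leaks no codes.
        self.pending[user] = [salt, self._digest(salt, code), now + OTP_TTL_SECONDS, 0]
        self.send_mail(user, "Your login code", code)
        return True

    def verify(self, user, code, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if user in self.deactivated or entry is None:
            return False
        salt, digest, expires_at, tries = entry
        if now > expires_at:
            del self.pending[user]
            return False
        if hmac.compare_digest(digest, self._digest(salt, code)):
            del self.pending[user]      # a code is valid for one login only
            return True
        entry[3] = tries + 1
        if entry[3] >= MAX_TRIES:       # lock the account and tell the admins
            del self.pending[user]
            self.deactivated.add(user)
            self.send_mail(self.admin_addr, "Account deactivated", user)
        return False
```

A production version would persist the pending and deactivated state and rate-limit `start` as well, since each call sends a fresh code.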