Startup Terminal
  • News
    • Technology
    • Funding
    • Tie-up
    • Acquisition
    • Australia Startup News
    • Singapore Startup News
    • India Startup News
    • UAE Startup News
    • UK Startup News
    • US Startup News
    • Launch
    • Video
  • Interview
  • Feature
  • Events
  • Variety
    • 40 Under 40 Award by Startup Terminal
  • Privacy Policy
  • Refund and Cancellation policy
    • Terms and Conditions
  • Contact Us
No Result
View All Result
  • News
    • Technology
    • Funding
    • Tie-up
    • Acquisition
    • Australia Startup News
    • Singapore Startup News
    • India Startup News
    • UAE Startup News
    • UK Startup News
    • US Startup News
    • Launch
    • Video
  • Interview
  • Feature
  • Events
  • Variety
    • 40 Under 40 Award by Startup Terminal
  • Privacy Policy
  • Refund and Cancellation policy
    • Terms and Conditions
  • Contact Us
No Result
View All Result
Startup Terminal
No Result
View All Result
Home Uncategorized

Opinion: Cyber security in the time of coronavirus

StartUp Terminal Bureau by StartUp Terminal Bureau
February 12, 2022
in Uncategorized
0
Opinion: Cyber security in the time of coronavirus
154
SHARES
1.9k
VIEWS
Share on FacebookShare on Twitter



Changing working patterns

With the ongoing spread of
coronavirus, government guidance is changing rapidly. In many countries,
healthy individuals are being asked for the first time to avoid unnecessary
public exposure, for example at large gatherings, on public transport … and in
the workplace.

As a result, many businesses
around the world are now either planning for or actively implementing a
business model involving far more remote workers than they had ever anticipated.
IT and management teams are hard at work on the infrastructure and organization
to facilitate this. In the rush to keep businesses working, there is a
significant risk that security will not be properly thought through.

Good business cyber security practices,
under any circumstances, should consider the following:

·       
Is the technology and infrastructure deployed
secured against malicious actors, outside and inside the organization?
·       
Do all company employees, subcontractors and
relevant third parties have clear instructions and guidance on how to conduct
their work in a secure manner?
·       
Do any of the security measures in place block
employees from conducting their work efficiently?
If the right level of security is
in place, your business will be well-placed to fend off cyber security threats.
Too little, and you are vulnerable. Too much security, applied in the wrong
ways, and your employees will feel stifled and start finding workarounds,
ultimately still leaving the business vulnerable.

Key security advice when
building remote capacity
In this spirit, S-RM has listed
below some key areas to consider when planning or deploying remote working
capabilities.

Securing devices

One key consideration for remote
workers is that they have laptops, mobile phones, tablets or other devices to
work from. Many companies are now issuing additional equipment to their
workers, to allow them to remain fully effective outside the office. But please
be aware of the following:

Make sure you have effective
asset management in place. Know what devices have access to your network and
data, plan for any changes, and block or remove obsolete equipment from your
network before it becomes a weak point in your security.

All company devices, especially
any device taken outside the office, should be encrypted, protecting data if
they are lost or stolen.

·       
Use BitLocker or a suitable third party solution
for Windows devices
·       
Make sure encryption is active on Apple devices
(it normally is!)
·       
Make sure appropriate encryption is in place on other
mobile devices

If you allow employees to use
their personal devices, consider whether your corporate data is appropriately
secured. Mobile Device Management solutions may allow you to secure data on
these devices, or you may need to restrict what employees are allowed to access
in the first place.

Don’t forget about the equipment
that is still in the office! With employees working from home, is there
sufficient physical security at your sites to protect servers, desktops, and
other parts of your network from malicious actors?

As you move devices, employees
and user accounts around, don’t forget the other parts of day-to-day security
preparation – strong passwords, secured and appropriate local administrator
accounts, and control over the applications and services on your network are
just as important as ever, to name a few.

Securing your networks

If your endpoints and your
servers are both appropriately secured, it’s important to make sure the two can
connect! Access to your network should be easy for legitimate users, but
blocked (or at least very difficult) for everyone else. Consider the following:

·       
Method of connection. Well-configured VPN
clients on all employee devices allow secure access to the network through a
private tunnel. Other secure access solutions will be available for particular
use cases. If you need employees to achieve access from the open internet, are
they connecting to a particular external firewall, or a well-managed cloud
service like Office 365? When planning user access, try to limit as far as
possible the exposure of additional areas of your network to the internet and
its many threats.
·       
Restricting access. Many types of
connections can be configured to further secure them against malicious actors.
If you are using a cloud service like Office 365, consider restricting access
where possible to particular devices, particular IP ranges, or to particular
types of connections. Firewalls and other services will offer many similar
options for carefully managing access rules. Consider restrictions inside your
network too; preventing connections or user accounts from going beyond certain
areas will reduce the risk from one unsecure employee or unforeseen
vulnerability.
·       
Strong authentication. The next step in
securing any access is to ensure that strong password policies and multi-factor
authentication are enforced. Enforced strong password policies are a must for
all services, not just those that are meant to be publicly accessible.
Multi-factor authentication should be used as much as is practical for your
business. Remember that there are many types of authentication; while text
messages might seem like the path of least resistance, if you have time to set
up an authentication app your business will be much more secure, while
device-based authentication might be appropriate in places to reduce
frustration for employees.
·       
Think of everything. To secure a network,
you have to consider all the different ways it can be accessed. How are your
employees accessing their mailboxes from their mobile devices? Do employees
need to connect to operational technology such as factory equipment (and is it
safe to let them)? How is remote desktop access into your network structured?
If you fail to secure these, you create vulnerabilities; if you fail to facilitate
them, you prevent employees from working.

Securing employee connections

The network may be thoroughly
secured at your end, but that data has to come from somewhere. As employees are
based outside your secure environment, it is often up to them to make sure they
are acting appropriately. You can help by providing them with suitable guidance
(as discussed further below) on topics like:

·       
Setting up home wifi. Ordinary home users
often neglect basic security when setting up their home environments. You can
help your employees with simple advice backed by senior leadership. Basics like
changing network name and access and administrator credentials are key, and
employees should also ensure appropriate network encryption is in place, remote
access is disabled, and that the software is kept up-to-date.
·       
Accessing other networks. You may want to
consider providing guidance to your employees about (not) using public wifi,
about how network names can be spoofed, and how man-in-the-middle attacks can
be launched on public wifi networks. A lot of the guidance on using public wifi
for business purposes is now very similar, but by specifically setting out your
own rules and guidelines you can make sure your employees have a clear
understanding of best practice. Don’t forget to mention the other risks of
working in public places, relating for example to Bluetooth connections and to
simple over-the-shoulder spying.
·       
Communications channels. Make sure your
employees have a clear understanding of how they should communicate with you,
with third parties and with each other. Make clear that work emails should be
confined to work accounts, and which messaging services they should use (do you
have a specific business solution, or are they on WhatsApp?). If you don’t make
sure there are clear lines of communication available, before long your
employees might well be texting each other passwords or customer names, with
all the attendant risks. If you do provide clear solutions, you can effectively
monitor them for any potential threats, for inappropriate data movement, and
for other business purposes.
·       
Watch out for Coronavirus phishing. As with
other major world events, the COVID-19 outbreak represents an opportunity for
malicious actors, from simple scammers to government-backed hacker groups.
Individuals and businesses worldwide are now being targeted by phishing
campaigns designed to play on fear of the virus and of the lack of reliable
information on the outbreak. Extra vigilance should be exercised by all
regarding any communication, hyperlink, attachment or request for information
relating to coronavirus. Warning your employees about this will reduce the
threat to them and to you.

Informing your employees

The points above are all
important areas where you can provide guidance to your employees, but in fact
clear and effective communication is one of the most important steps you can
take in any area. Even if you have a clear plan and a secure infrastructure in
place, without clear information employees will make mistakes, or else assume
you don’t have a plan and start taking (potentially unsecure or
counterproductive) measures of their own.

Make sure employees are clearly
informed, at least a week in advance if practicable, about what devices they
can use, what services they can access, and how they should do so. Keep them up
to date if this changes. Some employees may not have the access they need; you
need to find a solution before they come up with their own! If access isn’t in
place yet, employees should know when implementation is planned so they can act
accordingly, and if at all possible, what alternative solutions are available
in the interim.

Communications of this type are
not just a matter for technical IT or Cyber Security teams. Communication with
employees regarding remote access should be overseen by executive
management-level staff. While the technical teams can provide the appropriate
solutions and guidance that employees need, this information needs to be
effectively prepared and packaged so it can be delivered in clear and simple
language, using an appropriate method, and at an appropriate time. Importantly,
the guidance or policy should be clearly backed by the senior leadership of the
organization, to ensure that it has the authority and clarity needed to
convince employees to follow the advice given.

As much as practicable, make sure
you provide sufficient information to third parties as well, including any
customers who need to access your network. They will also need to know how to
contact you, how to access relevant services and infrastructure, and what you
expect from them in terms of their own security. Make sure your planning and
requirements are clearly in place, then let them know clearly and decisively
what you want – and, if the situation changes, consider when it will be most
effective to update them.

Planning for the worst

Any cyber security professional
knows that no one is ever absolutely safe from a malicious attack. Combining
the increased exposure from remote working with the confusion and short
deadlines of responding to the changing coronavirus situation only increases
that risk.

If you have effective cyber
incident response, crisis management and/or business recovery plans in place,
it is important to review them in light of your new operating environment. Can
you access all the equipment you will need to test or reset? Is your data still
being backed up to a secure site? Can your users still effectively report phishing
or other indicators of cyber incidents? How are you going to maintain
communication between the key crisis managers if all your laptops and mobiles
get encrypted with ransomware? If your plan isn’t tested yet, now may be the
wrong time to start – but at a minimum do all the relevant staff at least have
a clear understanding of the plan, and how your current situation has altered
it?

If you don’t have these plans in
place, you likely don’t have time to build them right now, but it is important
to at least consider the basics. Do you know where your key data is stored? Do
you know what services are key to your business survival? Do you have backup
communication channels, independent of your network? Do you have similarly
separated, and regularly updated, data backups?

Most of all, in your current
situation – who will be needed to respond to a crisis? Who else needs to be
informed? How are they going to coordinate, and who will replace them when they
need to get some sleep?

Evolving

As stated earlier, the global
situation, and advice from governments, is changing rapidly. As time passes,
businesses may have more time to implement additional measures and better adapt
to the new situation; or new events may force them to continue to react. In
either position, please bear in mind the following:

·       
Cyber security should be a part of your IT and
business planning, not something added on at the end where it will be
ineffective or will get in the way
·       
Always keep your eye on the prize of your key
data, assets and services that need protection
·       
Always consider your whole network or
organization – be careful not to miss gaps in your defenses, or legitimate
business needs that you are inadvertently blocking
·       
Communicate with your employees – use clear and
simple messaging, make sure the information provided is well-founded and
authoritative, and explain how they should act in order to do their jobs
effectively

About the authors
John Coletti is Chief
Underwriting Officer & Head of North America Cyber and Technology for AXA
XL, a division of AXA. Aaron Aanenson is director of cyber security for S-RM.

(Views expressed are personal)
Tags: OpinionVariety
StartUp Terminal Bureau

StartUp Terminal Bureau

Startup Terminal is a global news portal reporting news and analysis on technology, start-ups, and business-related news from all over the world. We exclusively feature entrepreneurs, startups, businesses, and technology companies to reach out to a wider audience. Contact us at editorial@startupterminal.com

Related Posts

How Singapore-based Likee is becoming a preferred destination for music and Bollywood biggies alike
Uncategorized

How Singapore-based Likee is becoming a preferred destination for music and Bollywood biggies alike

August 6, 2021
Friday Releases: Changing Face of Bollywood consumption
Uncategorized

Friday Releases: Changing Face of Bollywood consumption

February 12, 2022
Impact of COVID-19 Pandemic on Salon Industry
Uncategorized

Impact of COVID-19 Pandemic on Salon Industry

February 12, 2022
Next Post
RBI authorizes Transcorp to issue Co-Branded Prepaid Instruments (PPI) Cards & Wallets

RBI authorizes Transcorp to issue Co-Branded Prepaid Instruments (PPI) Cards & Wallets

PMI Launches New Basics of Disciplined Agile(TM) Toolkit Course for Agile Practitioners

PMI Launches New Basics of Disciplined Agile(TM) Toolkit Course for Agile Practitioners

Excel in NEET 2020 with the help of Team Mediconation

Excel in NEET 2020 with the help of Team Mediconation

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Loan Frame provides a hassle-free financing experience for SMEs

Loan Frame provides a hassle-free financing experience for SMEs

8 years ago
Aneesha Dalal, SHIAMAK Dance Academy

Interview: Aneesha Dalal, Master Instructor and Principal Dancer at The SHIAMAK Dance Academy

8 years ago
Free Cybersecurity Online Seminar- Brian Desmot, Founder of iTecs IT Outsourcing and Support

Free Cybersecurity Online Seminar- Brian Desmot, Founder of iTecs IT Outsourcing and Support

5 years ago
Exclusive Interview: Pooja Sachin Duggal, Founder & CEO of HealthHunt

Exclusive Interview: Pooja Sachin Duggal, Founder & CEO of HealthHunt

7 years ago
NGO comes to the Aid of Marginalized amidst the COVID-19 Lockdown

NGO comes to the Aid of Marginalized amidst the COVID-19 Lockdown

5 years ago
No Result
View All Result

Must Read

Arab Aviation Summit 2025 Brings Industry Leaders Together Reinforcing Saudi Arabia’s Role as a Global Aviation Hub

Eire Gulf Appoints Saeed Rehman as Head of Pre-Contract

How to Align Promotional Products with Your Audience

Managing bereavement in the workplace

NLB Services invests in Jagdish Mitra’s industry-first GenAI IP-powered SaaS services venture Humanize

Strategic Staffing: Optimising Performance with Full-Time Remote Teams

Trending

KMH Events Rebrands to KMH Dubai as its Services Expand to Encompass Full Brand Support
News

KMH Events Rebrands to KMH Dubai as its Services Expand to Encompass Full Brand Support

by StartUp Terminal Bureau
May 15, 2025
0

Dubai, May 15, 2025: KMH Events, founded by entrepreneur Kelly Marie Hodgkin, has rebranded as KMH Dubai,...

Manifest Brings Instant, Legal Access to $35 Trillion U.S. Property Equity Market for Indian Investors

Manifest Brings Instant, Legal Access to $35 Trillion U.S. Property Equity Market for Indian Investors

May 8, 2025
Felicity Games Secures $3M to Redefine Global Game Publishing from India

Felicity Games Secures $3M to Redefine Global Game Publishing from India

March 11, 2025
Arab Aviation Summit 2025 Brings Industry Leaders Together Reinforcing Saudi Arabia’s Role as a Global Aviation Hub

Arab Aviation Summit 2025 Brings Industry Leaders Together Reinforcing Saudi Arabia’s Role as a Global Aviation Hub

February 9, 2025
Eire Gulf appoints Saeed Rehman as Head of Pre-Contract

Eire Gulf Appoints Saeed Rehman as Head of Pre-Contract

February 9, 2025
Startup Terminal Logo

Startup Terminal is a global news portal for Technology, Startups, and Businesses. Reporting on technology, start-ups, and business-related news from all over the world. We exclusively feature startups, and technology companies to reach out to a wider audience.
Startup Terminal is an official media partner at global conferences like:
#Mobile World Congress 4YFN,
#Barcelona, Spain
#ConnecTechAsia, Singapore (Formerly CommunicAsia)
#NXTAsia, Singapore
#Africa Com, Cape Town, South Africa
#Converge Events, Singapore
#young Startup Ventures, USA

Follow us on social media:

Recent News

  • KMH Events Rebrands to KMH Dubai as its Services Expand to Encompass Full Brand Support May 15, 2025
  • Manifest Brings Instant, Legal Access to $35 Trillion U.S. Property Equity Market for Indian Investors May 8, 2025
  • Felicity Games Secures $3M to Redefine Global Game Publishing from India March 11, 2025
  • Arab Aviation Summit 2025 Brings Industry Leaders Together Reinforcing Saudi Arabia’s Role as a Global Aviation Hub February 9, 2025
  • Eire Gulf Appoints Saeed Rehman as Head of Pre-Contract February 9, 2025
  • How to Align Promotional Products with Your Audience November 5, 2024
  • Managing bereavement in the workplace September 24, 2024
  • NLB Services invests in Jagdish Mitra’s industry-first GenAI IP-powered SaaS services venture Humanize August 21, 2024

Readers’ Choice

  • Aneesha Dalal, SHIAMAK Dance Academy

    Interview: Aneesha Dalal, Master Instructor and Principal Dancer at The SHIAMAK Dance Academy

    379 shares
    Share 152 Tweet 95
  • International Women’s Day Interview: Arpita Mehta, Fashion Designer

    348 shares
    Share 139 Tweet 87

© 2023 Startup Terminal - Leading digital news portal-Startup Terminal | All Rights Reserved.

No Result
View All Result
  • News
    • Technology
    • Funding
    • Tie-up
    • Acquisition
    • Australia Startup News
    • Singapore Startup News
    • India Startup News
    • UAE Startup News
    • UK Startup News
    • US Startup News
    • Launch
    • Video
  • Interview
  • Feature
  • Events
  • Variety
    • 40 Under 40 Award by Startup Terminal
  • Privacy Policy
  • Refund and Cancellation policy
    • Terms and Conditions
  • Contact Us

© 2023 Startup Terminal - Leading digital news portal-Startup Terminal | All Rights Reserved.