Across the globe, millions of employees are working from home due to the ongoing Covid-19 pandemic. The scenario is no different in India with a lockdown in place. As employees work from home, businesses have been trying to keep up with their commitments to customers. However, not every organization's existing IT infrastructure has been ready to support this. With hackers taking advantage of the pandemic and cyberattacks on the rise, an immediate need has arisen to protect data and information and to control access to them.
Much of this is due to the simple fact that staff often access enterprise data through unsafe and insecure networks and endpoint devices as they work from home. Some employees may also be negligent towards organisational policies when it comes to cyber security. This creates an ideal environment for cybercriminals.
Globally, hackers have been exploiting various means of stealing valuable and sensitive data from organizations. Recent incidents include the creation of fake UPI IDs for donations to CSR funds, the registration of large numbers of Covid-19-related domain names, large-scale spam campaigns that use Covid-19 as a hook in an attempt to spread ransomware, steal data or install banking malware, and much more.
Data security continues to be a key requirement of every organisation, especially in the current scenario. Organisations have a great responsibility to ensure that appropriate authentication and access policies are in place to protect their networks and sensitive data. They need to ensure that efficiency of work and protection of critical data go hand in hand. This requirement will not just hold importance in the current pandemic situation but will set the trend for the future too, because organisations are taking this as an opportunity to assess the robustness and scalability of their existing cyber security measures.
To make sure that proper authentication practices are in place, companies need to implement smart access management policies and multi-factor authentication. This is to ensure that data is accessed only on devices authorized by the organization. Solutions such as SafeNet Trusted Access (STA) are ideal in this case as they allow both multi-factor authentication (like digital signatures and biometrics) and Smart Single Sign-On (SSO) in a cloud-based service. This further enables delivery of authenticators, including grid and one-time password (OTP), on mobile phones.
Additionally, organizations need to guard against hackers reaching their critical internal IT infrastructure through social hacking, such as fake emails, or by gaining unauthorized access to privileged accounts. For this, organisations need to ensure that their SSL keys are not compromised and are securely stored inside hardware security modules (HSM).
In the coming days, businesses are expected to speed up the adoption of cloud infrastructure for business applications. Besides availing themselves of the security provided by cloud service providers, organisations need to retain control of encryption keys using key management tools like SafeNet KeySecure and CipherTrust.
A very common and yet very important need of employees is a secure communication tool to protect their sensitive information when exchanging data with internal stakeholders, partners and customers. As the commonly available messaging apps are not designed to serve this need, organisations need to look for specialized remote collaborative work solutions such as Citadel (a secure instant messaging platform) and Cryptobox, both of which are in use by major organisations, the French government and its administrations in the current scenario.
Employees are equally responsible for ensuring the safety of data. They should only access approved sites and avoid consumption of fake news and misinformation. They need to make sure that they adhere to their organisation’s privacy policies and avoid using insecure devices, networks and unapproved tools and services. Organizations will do well to continuously train people on the best practices they should be aware of while working remotely and accessing business applications, data and resources.
It is by now a cliché that ‘data is the new oil’; under the new situation, this oil will be generated, consumed and accessed by all concerned in an inherently insecure environment. Keeping the trust in the processes that generate that data, those that consume the data, and the decisions made on the basis of that data is the ultimate goal of any cyber security measures to be adopted by organizations.
As organizations make the most of cloud, IoT, automation, collaboration tools, etc. under the new circumstances, they should take advantage of encryption and digital signing technologies, besides paying attention to keeping control of the cryptographic key material and implementing secure digital identities and access management.
Essentially, a three-part approach of encryption, secure key management, and identity and access management will go a long way in helping organizations survive and thrive in the new normal.
Rana Gupta is vice president, India and APAC sales, cloud protection and licensing at Thales. The views in this article are his own.