As the world goes back to the new normal, many challenges lie ahead, particularly in constructing a healthy work environment and achieving compliance with governmental regulations. Cybercrime has increased during the past few days. How do you keep your employees safe in the ‘Post-Pandemic Era’? Organizations are drafting plans on how to bring everyone back to the office. In this context, your company’s cybersecurity is a crucial aspect, and the focus must shift to it. There are several aspects that organizations will have to keep in mind; above all, they will have to be more vigilant to prevent vulnerable machines from being connected to the corporate network.
According to Kiran Belsekar, Vice President – Information Security at Aegon Life, these are InfoSec guidelines that can be followed by an organisation.
1. Network Access Control (NAC): Use a NAC solution to prevent unpatched machines from being connected to the network. Access to business applications is allowed once devices are compliant, fully patched and updated.
2. Password Change: As the password is the first line of security, users must reset/change their password before they log in to their systems. As many organisations would have relaxed the password policy, this needs to be reset to the previous level.
3. Desktops: Before users go back to the office, the IT department needs to ensure the systems are kept up to date with antivirus signatures, patches, and software versions. They should also ensure a full AV scan is run and make sure that health checks of DLP and other technologies have been performed.
4. Laptops: The same measures as for desktops need to be enforced for laptops as well. A walk-in center/clinic can be set up for users to submit their laptops to get their systems updated.
5. Data Hygiene: Users who worked from home on their personal devices should be asked to remove organisation data from those personal machines.
6. Exceptions: The risk team must review all the risk exceptions for employees and revoke them once employees start reporting to the office.
7. Physical Security: No employees or support staff should be allowed within the office premises without an authorised ID card.
Kiran Belsekar has 18+ years of industry experience in cybersecurity and information technology across different industries. He is a well-known personality in the cybersecurity industry within India and has been part of the cybersecurity domain for nearly two decades. His certifications include CISA and ISO Lead Auditor for Information Security & BCP. He has received numerous awards from prestigious institutions such as CISO100, CSO Forum, ISACA, DynamicCISO, CIO Powerlist, etc. He is very active on professional social media, including LinkedIn and Twitter, and is well connected to industry technology and cyber leaders within India and globally.
Author: Kiran Belsekar, Vice President, Information Security, Aegon Life Insurance Company