A larger workforce across the globe has moved to their homes for meeting the business continuity requirements in this pandemic situation of COVID-19. The migration from ‘Working From Office’ to ‘Working From Home’, was challenging as business continuity had to be established, with zero compromises on security and compliance. The different location-specific compliance requirements, the customer security requirements, and the corresponding data protection regulations of the laws of land all were adequately considered without any dilution.
The recent trends in cyberspace show that cybercriminals are using different kinds of social engineering tactics to initiate the attacks. Phishing is the most popular among them. By stealing sensitive information like credentials from the end-users, the attackers infiltrate into the corporate network. Afterward, they may go up to demanding ransom after threatening to encrypt/publicize the data, an example being the recent Maze Ransomware attack.
As user awareness would be the best strategy to tackle the social engineering attacks; we constantly spread out pieces of awareness info among our associates on different kind of social engineering tactics and phishing attempts, the importance of safeguarding the data, the safe and secure working guidelines – all that was needed by them to stay alert and work safely. Conducting phishing exercises would be one option, which will help to understand the awareness level among employees at the same time this will educate them further. The Working From Home scenario would be more vulnerable to phishing or any social engineering attacks. Zero Trust models were found more suitable for these kinds of situations.
Though the work from home culture was prevalent even before, this sudden, forced and the prolonged situation has given us a new dimension to explore into strengthening our security infrastructure and making it more matured to smoothly switch to ‘Safe Work From Home’ mode; if more of such business continuity requirements come up in future.
Adarsh Nair, Head of Information Security, UST Global Inc
Website: https://adarshnair.com
