CIO PERSPECTIVES

The Pandemic triggered digital and remote working making Cyber Security one of the top priorities for organizations. In this context, tell us briefly how your organization managed the transition to remote working during the pandemic? How did you manage employees logging into the corporate network or accessing critical resources and remain protected from cyber-attacks? Tell us about some of the unique security best practices that you have implemented to protect your organization against cyber-attacks?

One of the most significant consequences of COVID-19 could be remote work. Pre-pandemic, roughly five percent of full-time employees with office jobs worked primarily from home. That figure is likely to settle at 20-30 percent in the new normal, with variation across occupations and industries. Many business houses in Bangladesh have converted to a remote or hybrid system, and this hybrid system is still in use today. In the banking industry, it is not possible to shift all employees to remote work, and it is also not possible to cease or pause our services for any reason. As a result, in order to provide suitable services to our clients, our bank implemented a hybrid system at the time of crisis.

• To provide 24-hour banking assistance via digital banking and ATMs, our bank implemented remote work for selected workers on certain days, as well as 24-hour physical support in our Head Office for urgent support cases.
• For remote work, we gave our critical workers office laptops with endpoint security licenses so that they could work from home. After providing adequate explanation for their usage and receiving approval from higher management, some users were given VPN connections. The VPN users’ traffic was also monitored by the Security Solutions.
• When logging in to the PC or connecting to the VPN, users were required to follow the password policy and be cautious before clicking on any link or opening any email. To make employees aware about these things, frequent cyber awareness training is conducted in our office on a regular basis.

We believe that awareness among employees about cyber security is very important to protect our environment from any sort of hazard. Aside from that, we need to be more vigilant about new releases and their fixes, security and other device patch updates, secure data communication policy updates, and access policy and as well as their real time implications on various systems.

As organizations prepare for what life looks like in a post-pandemic world, one of the many issues they will have to be addressed is the cyber security risks of remote working. Here are some aspects related to remote work which an organization’s remote workers may be making that endanger the company:

• Accessing Sensitive Data Through Unsafe Wi-Fi Networks.
• Using Personal Devices for Work.
• Ignoring Basic Physical Security Practices in Public Places.
• Using Weak Passwords.
• Email Scams.
• Security Controls are weaker.
• Cyberattacks on Remote-working Infrastructure etc.

The essential security clauses that should be included in remote work policy are as follows:

• VPN
• Firewall
• Strong EDR
• Implement SIEM in environment.
• Clearly define which positions are eligible for remote work.
• List the tools and platforms they should be using.
• Provide employees with steps to follow at the first signs of accounts being compromised.
• Multi-factor authentication.
• Cybersecurity awareness guidance or training.

In our bank, we rigorously adhere to the above rules when it comes to remote work. All remote workers should be connected though VPN only. For remote work, only office-provided laptops are utilized, which are already protected by an endpoint security solution. In our bank, cybersecurity awareness training is a continuous activity, and every employee is aware of the issues. Furthermore, we have met ISO regulations and are planning to adopt new systems that will better protect our entire environment than ever before.