BEXIMCO management had a clear understanding of what could happen during the pandemic, fortunately. Hence, we started work from home on a trial basis before the lockdown started. As a part of that, we prepared an IT policy for remote office and Work from Home guidelines. These were well-conducted throughout the organization. We had also conducted sessions for all the employees so that they could keep themselves safe and secured during the pandemic. We have reviewed IT tools, resources & capacity. Based on review of feedback, we have taken proper initiatives for the readiness of work from home with security and success.
For logging into the corporate network, VPN was mandatory. The source IP addresses were whitelisted in the firewall. Whereas all other IP addresses we denied. For sensitive users, we provided a dedicated broadband connection to maximize the control over the network security. For all users, we also provided endpoint security solutions. Employees were highly encouraged to dedicate their devices only for official work. This helped us to ensure a lesser attack surface and to minimize the maintenance hassle.
We adopted the Zero-Trust philosophy for our IT resources. We enforced 2FA for our email and other resources. We also made sure of firewalls with extended ACLs and WAF before all the resources respectively. VAPT tools like Nessus for the IT resources are being used regularly to find out any security loophole. Moreover, a dedicated security team is in place to be vigilant. As a regular activity, they take care of updating the respective software versions and patches. CVEs are addressed timely by them.
For our sensitive employees, we provided dedicated broadband connectivity through BEXIMCO owned ISP. DDOS mitigation platforms were in place as well. For the employees, we prepared an IT Policy where the protection against cyber threats was covered in detail and thoroughly. We believe Cyber security is not an IT job anymore. It has become every employee’s concern these days. Moreover, we are conducting cyber security awareness training at regular intervals to ensure that the IT Policy is in practice.