CIO Wall

BM Zahid Ul Haque

Senior Vice President and Head of Information Security - BRAC Bank Ltd. - Bangladesh

CIO Perspectives

The Pandemic triggered digital and remote working making Cyber Security one of the top priorities for organizations. In this context, tell us briefly how your organization managed the transition to remote working during the pandemic? How did you manage employees logging into the corporate network or accessing critical resources and remain protected from cyber-attacks? Tell us about some of the unique security best practices that you have implemented to protect your organization against cyber-attacks?

Being a digital-focused bank, we had some sort of preparedness for remote work with limited scope. It was for some specific roles and specific resources with defined security controls. But when the pandemic triggered, the scale and scope got increased by multiple times. The transition was challenging to meet. Though we ensured all are connecting via secured VPN through organization-provided laptops with security controls only, having MFA, jump host, privilege session management, etc.; user train up and security awareness (e.g. properly securing home Wi-Fi, laptop sharing, etc.) was still a major challenge. Time was the additional crucial thing to manage.

With other security controls for access, we ensured all are going through Multi-Factor Authentication and Privilege access management. Users had to access through jump host with limited/specific privilege.

Remote work during the pandemic came up with unique cyber challenges, because home network/remote work environments don’t usually have the same security controls as in the office network. When users work in the office, they work behind layers of security controls. But, when people work remotely then additional security controls become essential. We had to ensure all are connecting through bank-provided secure VPN, using only bank-provided security-hardened laptops, with multi factors authentications, through secure jump host, following security monitoring, and automatic response.