The Pandemic triggered digital and remote working making Cyber Security one of the top priorities for organizations. In this context, tell us briefly how your organization managed the transition to remote working during the pandemic? How did you manage employees logging into the corporate network or accessing critical resources and remain protected from cyber-attacks? Tell us about some of the unique security best practices that you have implemented to protect your organization against cyber-attacks?
During the pandemic, we had to allow only Head Office staff to work remotely. We were working on a roster basis, and 50% of staff was present at the office and 50% were in the remote office. So it was not required to give access to all the staff access to the corporate network at a time. All the Branch staff performed their duties physically to provide customer service. We allowed staff to access the office network through VPN, and for those who were working from home we allowed the two factor authentication (Domain login ID and Software Token). The general users were able to access office applications from their home PCs/Laptops after fully complying with the requirements of the security procedures and device profiling in the system. The priority users were having their office provided devices and they were permitted to logon to the mission-critical systems through PAM.
Some of the unique security best practices that we implemented to counter cyber-attacks during the pandemic are as follows:
- We ensured that anti-malware solutions are installed, and OS security patches and signature databases are regularly updated on all the endpoint devices.
- Security monitoring through SIEM was strengthened and 24/7 performance was ensured.
- Updates of different operating systems of the servers were performed on an as and when required basis.
- Internal VA scan was performed periodically on different systems using the Vulnerability Assessment (VA) tool and mitigated identified security holes/gaps immediately.
- We conducted several IT and cyber security awareness sessions virtually for different levels of officials of the bank.