CIO Wall

Md. Abu Nader Al Mokaddes

General Manager - IT - Berger Paints Bangladesh Ltd.

CIO Perspectives

The Pandemic triggered digital and remote working making Cyber Security one of the top priorities for organizations. In this context, tell us briefly how your organization managed the transition to remote working during the pandemic? How did you manage employees logging into the corporate network or accessing critical resources and remain protected from cyber-attacks? Tell us about some of the unique security best practices that you have implemented to protect your organization against cyber-attacks?

During the pandemic, we prioritized for smooth & instant official communication tool by ensuring Microsoft Teams for all users. Secondly, we tried to ensure VPN login for business continuation from home. For ensuring remote work for new VPN users, we automated VPN login by scripting at windows logon so that users are not required to know the manual process of connection. Though our remote users used their home Wi-Fi, they were well-protected by our Firewall and Intrusion Protection System since they were accessing all network activities through our VPN. Further, for securing Microsoft 365 application including Teams, we implemented MFA so that unrecognized devices or users cannot access into our critical resources from remote. In addition to that we used SCCM to keep up to date all the terminals connected to our network.

To protect from cyber-attack, we enabled anti-phishing options in Microsoft security center so that any attack as phishing or SPAM cannot enter into our network through e-mails. Besides, we disabled direct communication with external domain through Teams as it was another source of phishing attack during the pandemic. Since our users used home internet for browsing different web application or other sites, we enabled Microsoft ATP (Advanced Threat Protection) along with Microsoft Defender Anti-virus as special filtering and protection for endpoints. Besides, SIEM tool helped us in monitoring user’s behaviors and suspicious network activities from home to protect all user’s devices as well as organization network or critical resources. During that time, another major challenge was to make users aware about new cyber-attacks. As a part of the awareness session, we organized E-learning tools with exam and rewards option so that users are well-versed about all new cyber-threats and their responsibilities for protection.