During the pandemic situation, our organization was not fully prepared in the initial stage for this unknown crisis knocking on the door. As per government and central Bank’s order, management had taken the quick decision of Work from Home (WFH) wherein 50 % of the total employees of the organization were allowed in the office on roster basis dividing employees by group A and B for better safety and security. For ensuring remote facility arrangement, VPN technology played a vital role, although the organization had been using VPN technology facility for IT staffs only, but the number of licenses had to be increased during that time for ensuing all employees’ had remote access facility. Staff members had also been using personal and official devices for working remotely as well as e-mail, virtual conference facility and some online solutions had been enhanced for providing customers remote facility. As a result, the probability of cyber-attack space has expanded to home and remote areas. In this situation, IT & IT security experts had given more efforts in security monitoring and finding out suspected behaviour to mitigate cyber threats and risk as a proactive approach. Actually, cyber security is an endless journey but we always need to micro focus on it to mitigate cyber threats.
To minimize the risk of cyber incident and computer related fraud during the pandemic, our organization had taken various best practices within the industry such as Cyber Security user Awareness, a human tool for best preventive technique; Continuously monitoring End User Device Security; Increasing continuous Monitoring Security tools like IPS/IDS, EDR, SIEM, FIM, Terminal Server for Security Threats analysis through SOC’S expertise; Vulnerability assessment for identifying security weakness and it’s remediation on a regular basis; Privilege Access Management & Identity Management for secured authentication and Identification; Monitoring suspicious e-mail through the e-mail security gateway as well as Advance Threat Analysis (ATP) on e-mail systems for protecting phishing attacks. We are continuously doing cyber security assessment of insider and/or external sites and focusing on risk identification as well as mitigation accordingly.