Home News Deloitte Prescribes 5-Step Security Approach to Protect Enterprises and WFH Employees

Deloitte Prescribes 5-Step Security Approach to Protect Enterprises and WFH Employees

Remote Work

With no end in sight to COVID-19, organizations have now accepted work from home (WFH) as the new normal. In fact, many Indian companies took a decision recently to let a section of their workforce to work from home permanently. This has been well accepted by millennials and Gen Z workers, according to a survey by Deloitte. But there are myriad cybersecurity challenges faced during the pandemic.

Deloitte’s 9th Global Millennial Survey 2020 stated cybersecurity to be a top concern amongst Indian millennials, which is a clear reflection of a number of cyberattacks that have been witnessed on MNCs operating in India, in the past week alone.

The survey further states that 86% of millennials and 83% of Gen Zs agreed they prefer the option to work from home in the future, to relieve stress.

With work from home (WFH) becoming the “new normal” amidst the COVID-19 crisis and cyber attackers and virus lurking in the shadows, enterprises can adopt a  five-step approach to reassess their exposure to cyber challenges and secure their enterprises, as per a Deloitte perspective.

The five-step approach includes:

  1. Implement multi-factor authentication: Organizations should enable multi-factor authentication (MFA) across all internet-accessible remote access services including Web and cloud-based email, Collaboration platforms, Virtual private network (VPN) connections and Remote desktop services.
  1. Implement an ongoing cyber threat education and awareness program for organizational users: Educate users on current threats, the dangers of opening attachments or clicking links from untrusted sources, and the basic actions needed to prevent infection. It is essential to educate users to be wary of unexpected email messages, and to authenticate them with their ostensible senders before opening any links or attachments within them.
  1. Know your most critical data and systems and where they are located: Not all data and systems are of the same value to organizations and attackers. Knowing the ‘what’ and ‘where’ of critical data and systems allows you to target resources on your most important assets first. Critical data and systems can be overlooked, especially when trying to protect everything in an organization. Ensure critical data is backed up and systems are recoverable.
  1. Update your patching regularly: Internet-facing infrastructure is a primary target for attackers. By patching this infrastructure, you can help prevent attackers from exploiting known vulnerabilities in the software in order to gain access to your network and systems. It is recommended to apply patches within 48 hours of release.
  1. Monitor and analyze activity on your most critical systems: A critical component of protecting your environment is to understand what is happening in real-time. Without this visibility and what has already happened to your systems and data, you are effectively operating blind.

Speaking on the recent cyberattacks, Shree Parthasarathy, Partner and National Leader – Cyber Risk Services, Deloitte India, said, ”In the era dominated by digital transformation, Indian enterprises have been susceptible to some major cyber-attacks and threats as a result of businesses transitioning to cloud with broader networking capabilities.”

While these threats are not new, their sophistication and frequency have increased and there is an immediate need for businesses to draw a crisis management and resiliency plan of action.

“A robust and consistent layer of identity and access management built with a multi-factor authentication and encryption policy will help in aligning a thoughtful cybersecurity policy to overcome the dual crisis hovering over the country,” he added.