COVID-19 COMBAT: SECURITY MEASURES DURING WORK FROM HOME
By Moore Singhi Advisors LLP
CONTENTS
FOREWORD
CYBER SECURITY AND INCIDENT RESPONSE
MOBILE SECURITY (INCLUDING BYOD)
SUPER USER OR PRIVILEGED USER ACCESS
CHANGE MANAGEMENT AND EMERGENCY CHANGE
DATA PRIVACY
BACKUP
VIDEO & AUDIO CONFERENCE
DESKTOP/LAPTOP SECURITY
IT SUPPORT

FOREWORD
Today, due to the Coronavirus outbreak, lockdown has become imperative, and accordingly Work from Home (WFH), or more precisely working remotely, has become the only solution. The more people are able to manage their business remotely, the more successful they are in this difficult time. But working remotely also carries risk to the organisation’s data privacy and confidentiality.
Hence, we have come up with the below checklist of measures that should be taken to ensure that there is no risk to data privacy and confidentiality, especially at a time when cyber threats and exposures are a wide concern.

CYBER SECURITY AND INCIDENT RESPONSE
Measures related to cyber security should be taken seriously, and any cyberattack incident should be reported to the Incident Management team for immediate action.
- Staff should never share their passwords via emails or SMS messages.
- The organisation should provide licensed VPN software to its staff.
- Regular reminders on critical software and mobile updates should be sent to staff, and the organisation should ensure that updates are done in a timely manner.
- Staff should not call the IT team for password resets; email should be used instead.
- Staff should be clear about the organisational policies and refrain from accessing illegal sites on corporate systems.
- Staff should be careful of the organisation’s reputation when posting social messages on Facebook, LinkedIn, etc.
- Staff should be careful while checking emails, and no suspicious email (phishing email) and/or its links should be opened.
- If staff suspect a malicious attempt, they should immediately reach out to the IT Helpdesk.
- IT Security staff must be vigilant and should actively address suspicious activities.
- The organisation should ensure that endpoint security is installed on each system and is centrally controlled as per policy.

MOBILE SECURITY (INCLUDING BYOD)
Mobile phones are critical in today’s business, primarily during remote working. Since they are used for both business and personal purposes, the chances of data theft and cyber-attacks are higher in the case of mobiles. Hence, the required discipline and measures are important to protect them from various exposures.
- Ensure all staff mobiles have hardware or software encryption.
- All mobile devices should have FULL disk encryption.
- Where laptops/desktops are rented, ensure that hard disk data is properly deleted or removed.
- In case of personal devices used by staff, ensure they do not download apps from non-trusted sources.
- Mobile devices should also follow organisational policy on backup, updates, password controls, etc.
- The organisation should keep extra stock of mobiles, laptops, microphones and other peripherals.
- Be careful about which DNS servers are used; only trusted DNS servers should be used, and this should be enforced on all laptops and mobile devices.

SUPER USER OR PRIVILEGED USER ACCESS
Privileged access carries a high level of permissions and accordingly needs to be controlled. Hence, such access should be used wisely and should carry a strong authentication mechanism.
- All IT and business privileged users should ensure that they do not log in with privileged login IDs for regular tasks.
- Privileged users should report all errors or mistakes immediately to the management.
- Privileged access should have at least a 2-factor or 3-factor authentication mechanism.

CHANGE MANAGEMENT AND EMERGENCY CHANGE
Changes to configurations should only be made after the required approval is taken from management, even in case of remote working. All emergency changes should be regularised later.
- All normal program changes should follow the required approval process as per company policy.
- In case of any emergency change, approval for the change should be taken after the change is executed.
- For all emergency changes, an exception list should be maintained and all such changes must be recorded.
- The exception list should be placed before management at least on a monthly basis.

DATA PRIVACY
Data related to individual users should be controlled, and the required measures should be taken to protect it from leakage or theft.
- Educate staff on their responsibility to protect the privacy and confidentiality of client data.
- IT Security staff should monitor the logs for possible malicious activity on user accounts.
- Staff should not transfer organisational or client data through personal emails or any other unauthorised storage medium.

BACKUP
Data backup is crucial during remote working, as systems are prone to failures which can result in data loss.
- If external hard disk backup is allowed as per policy, ensure that an organisation-approved encrypted hard disk is used for backup.
- In case of cloud backup, ensure that a backup mechanism is activated on staff systems so that their critical documents are backed up to the cloud in a timely manner.
- The IT team should ensure that all instances of backup failure are regularised.

VIDEO & AUDIO CONFERENCE
During remote working, video and audio conferences increase, and the following measures need to be taken to protect data.
- Staff should use only management-approved conference applications.
- Staff should ensure basic security and privacy settings during calls, for instance:
  - Have a password for every conference call.
  - Camera should be switched off by default, for both the host and attendees.
  - Microphone should be on mute by default.
  - Participants who have been removed should be allowed to rejoin only after approval.
- Ensure that meetings are not being recorded without permission.
- Staff should exit or close the app once the conference is complete.

DESKTOP/LAPTOP SECURITY
Desktop/laptop security while working remotely is critical, and certain measures need to be taken by staff to keep the data secure.
- Staff should not leave their machines unlocked while away from them.
- Staff should not attend confidential business calls near ‘smart speakers’ like Amazon’s Alexa, Google Home, etc.
- Staff should be alert to pop-ups showing virus warnings when surfing the web.
- Staff should not defer critical updates to organisational software.
- Staff should only be provided licensed VPN to access corporate data; otherwise the data is prone to attacks.
- In emails, staff should not switch on the 'forwarding emails' option to forward corporate emails to their personal email accounts.
- Staff should not use unapproved USB flash drives or unapproved cloud services.
- Staff should not lend their machines to their children or other members of the family.

IT SUPPORT
The IT team has an important role during remote working; they have to be vigilant about the issues coming from remote staff and ensure their timely resolution.
- The IT team should be available to support remote users without any delays.
- The IT team should ensure that all logical access requests are critically analysed and, if required, that the proper approval process is adhered to before granting access.
- Management should review permissions of IT staff.
- Staff should be informed that their activities are being monitored as per the company’s policies.
TOUCH POINTS
Kolkata
161, Sarat Bose Road
Kolkata 700 026
Tel: +91 (33) 2419 6000/1/2
Email- Services@singhico.com
Ahmedabad
705 P B Parekh Tower,
Near Diwan Ballubhai School, Kankaria
Ahmedabad – 380022
Tel: +91 (0) 79 - 2547 1562
Email: ahmedabad@singhico.com
Chennai
Unit-11-D, 11th Floor, Ega Trade Centre,
809, Poonamallee High Road, Kilpauk,
Chennai - 600 010
Tel: +91 (44) 4291 8459
Email: chennai@singhico.com
Delhi NCR
Unit No.1704, 17th Floor,
World Trade Tower (Tower-B)
DND Fly Way, C-01, Sector 16,
Noida-201301
Tel. No - 0120-2970005, 9205575996
Email- newdelhi@singhico.com
Hyderabad
5-4-187/3 & 4 Soham Mansion
M. G. Road, Secunderabad - 500 003
Tel: +91 (0)40 2754 2635 / 1015
Mumbai
B2 402B, Marathon Innova, 4th
Floor, Off Ganpatrao Kadam Marg
Lower Parel, Mumbai - 400 013
Tel: +91 (0) 22 2495 2881
Email: mumbai@singhico.com
Bengaluru
No.28, R V Layout, V S Raju road,
Kumara Park West
Bangalore- 560 020
Ph. No.: +91 80 23463462/65
Email: bangalore@singhico.com
Nagpur
1st Floor, VCA Complex, Civil Lines
Nagpur - 440001
Tel: +91 (0)71 2664 1111
Fax No.: +91 (0)71 2664 1122
DISCLAIMER
This publication contains information in summary form and is therefore intended for general guidance
of clients / associates and is meant for private circulation only. We shall not accept any responsibility
for loss occasioned to any person acting or refraining from action as a result of any material in this
publication. On any specific matter, reference should be made to the appropriate advisor.
This document has been compiled based upon information / documents available in public domain
and sources believed to be true and reliable. However, no representation is made that it is accurate
and complete.