COVID-19 has brought about a drastic change in ways of working, as large numbers of employees started working from home. The remote work scenario also resulted in a growing number of cyber-attacks. As the economy becomes increasingly digital, the growing cyber threat is outpacing most companies’ ability to manage threats effectively.
Challenges in developing a strong IT risk framework
HCL Technologies was looking to develop and deploy a strong IT security risk management framework that catered to the work-from-home (WFH) scenario. The security mechanism would need to cover devices owned by employees (BYOD), remote access desktop security, etc.
“To overcome this, we first identified the critical data points and limited the usage of information sharing outside the company domain. We also ensured that all our security software is patched along with home Wi-Fi security. We gave certain instructions to employees to avoid usage of USB sticks and provided our employees with basic security knowledge,” says Preeti Singh, GRC and IT Security Lead, HCL Technologies.
According to Singh, implementing various IT security, cyber security and GRC-related security strategies has improved the security posture of the company. Returns on these security investments and strategies are long term and will protect the company from any data breach and cyberattacks.
Moving fast: Getting security right
Time was of the essence and faster implementation was necessary. Singh and her team provided aggregated risk oversight for high-impact areas of IT Services for core components of IT risk mitigation, governance and reporting activities.
Engagement was carried out around end-to-end risk remediation planning, resolution and monitoring activities, including Technology Continuity Management planning and testing activities. For this, Singh collaborated with senior business and IT services leaders and other risk managers to resolve challenging risk matters.
Key tools were brought into the picture: the Saviynt identity management tool, password management (LastPass), a PAM solution, the Bluecoat tool (a web proxy management tool) and an internal vulnerability scanning tool.
Apart from preparing the organization for GDPR, the SOC-2 audit, external audits, third-party security and ISO-27001 requirements, minimal training for employees on information security and management of the training and awareness program were taken into account to ensure maximum security.
A data security and IT risk management driven approach helped HCL Tech foster security and gave the assurance that working from home is secure and safe for both employees and the organisation. This included successful implementation of a user identity management tool.
NOTE: This story is based on the nomination submitted by Preeti Singh for the 8th Annual Dynamic CISO Excellence Awards 2022. Preeti is the winner of the Dynamic CISO Visionary CISO Award 2022.