16, Sir William Newton Street
Port Louis, Mauritius
As many countries are dealing with the re-opening and, in some cases, re-closing of their borders in the wake of the COVID-19 pandemic, the concept of remote-work or Work from Home (WFH) is garnering more interest from organisations. Faced with the new reality, both employees and entrepreneurs are resorting to WFH or telecommuting to push their way through 2021 and beyond.
According to a Global Workplace Analytics survey carried out among 3,000 employees working remotely during the pandemic, it was noted that 73% are very successful when working from home, 86% say they feel “fully productive” working from their home office and 76% want to continue working from home at least 2.5 days per week, on average. A separate study conducted by Owl Labs showed that employees prefer remote working as they spend less time commuting to and from work, and the work-life balance has made them more productive and focussed as shown in the graph below:
New reality means new challenges for Cybersecurity
Adopting WFH encapsulates some challenges as it exposes companies to greater risk when it comes to cybersecurity – they are more susceptible to phishing and malware attacks, thus exposing their business to multiple cyber threats.
The following are the different cybersecurity threats/challenges that companies are currently facing:
So, how can we mitigate those risks?
It is of utmost importance for companies adopting WFH to implement solutions based on people, process and technology in order to protect them from the increasing cyber risks and threats.
From a governance perspective, companies should create a remote working policy. This will assist them in guiding staff through the challenges of working remotely, reducing the risks and ensuring the impact on productivity in minimised.
With the shift to an expanded Work from Home environment, the risk surface has radically increased for most companies. These changing circumstances justify a reassessment of the cyber security risks in order to prepare the IT and response teams for reprioritising their efforts to keep company data safe. A comprehensive risk assessment exercise should, therefore, be conducted to re-evaluate the company risk profile based on its work force moving to a WFH environment.
Devices issued by the company are generally set up to be very secure and when staff work remotely using company computers, the risk is lower than using their own devices, as long as all security settings remain in place and software continues to be updated regularly. Work devices incorporate strict security settings, good antivirus and safe software that is approved and pre-installed.
Finally, it is critical for the company to update and test its incident response procedure and playbooks. Companies need to specify know how to react if an employee working from home has a laptop that is infected with a malware such as ransomware – what should the employee do? Should he/she shutdown the laptop? Or wait for someone from the IT department to collect and examine the device?
All these are possible scenarios and responses must be defined beforehand and detailed procedural steps have to be clearly spelled out in the manuals to mitigate the consequences of attacks.
Ongoing security awareness training must be conducted to keep employees updated about the security risks they are exposed to and help them understand how these risks can impact business continuity and ultimately the company brand image.
Below are a few topic suggestions for the security awareness sessions:
Lastly, testing the effectiveness of awareness is very important, and the undermentioned processes tend to buttress same. Listed below are a few suggestions for reinforcing security awareness:
In terms of technology solutions, different controls can be implemented based on the following scenarios:
For scenario 1 (i.e. employees using their own devices to access the business environment), the suggested solution is to implement a Virtual Desktop Environment. The latter will accommodate for an increasing number of remote workers. The user gets a desktop designed as per his/her individual profile with access to only required applications. Also, this system should have Multi-Factor Authentication (MFA) enabled.
This implementation represents numerous advantages such as:
For scenario 2 (i.e. employees using corporate devices to access the business environment), the suggested controls are as follows:
For scenario 3 (i.e. employees using their own or corporate devices to access the company Cloud environment), the suggested controls are as follows:
It is important for companies to actively manage their cybersecurity when working remotely. While there are big changes affecting businesses at the moment, security should never be compromised and may, in fact, need more attention as we bed down our new ways of working. These tough times are making us stronger as we close the gaps and vulnerabilities in our company security; which is ultimately a good thing.
Even if organisations have created more flexible remote-work policies to better accommodate the needs of their employees in the short-term, they must ensure that their teleworking strategies are robust and can support secure remote connectivity in the long-term. In fact, remote-work may be a bigger part of the corporate strategies of the future that was previously anticipated.
[To read more by Bank One on the theme of work from home, click here to access their Head of HR Priscilla Mutty‘s perspective under a blog titled ‘Adjusting to the new working environment’]
Bank One Disclaimer
Welcome to www.bankone.mu!
Please read the following important information before accessing this Website:
This Website is owned and operated by BANK ONE LIMITED and the use thereof indicate that you accept the Bank’s Terms and Conditions of Use.
If you do not agree to the Terms and Conditions of Use, you should not use the Website.
The Bank may, at its entire discretion, at any time and without notice, modify or update such Terms and Conditions of Use. Such changes shall be effective immediately and you shall be deemed to have accepted same if you continue to use the Website.
Although the Bank endeavours to provide correct information on its Website, it does not give any warranty express or implied as to its accuracy, completeness and reliability.
The Bank does not accept any liability for any errors or omissions of whatsoever nature as regards information, materials, functions and applications contained in its Website or as to any third-party Websites linked to or from its Website.
Terms & Conditions of Use
1) Information available on the Website are allowed to be printed and / or downloaded for personal use only and not for commercial purposes.
You may not reproduce, transmit or store any information contained on the Bank’s Website on any other Website without the Bank’s written permission.
2) The Website is intended to provide general information on the Bank and its products and services.
No information contained on the Website shall constitute or is intended to constitute financial, legal, accounting, investment or other professional advice or services. You are advised to take professional advice from a suitably qualified professional or adviser before taking any decision relating to your finances or business.
3) You acknowledge that information transmitted via the Internet is susceptible to monitoring and interception and you will be bear all risk of using such means. You further acknowledge that any unsolicited information communicated to us via Internet cannot be guaranteed to remain confidential.
4) The Website may contain technical, typographical or other inaccuracies and you are urged to contact us to confirm all information contained on this Website before placing any reliance on it.
5) The Bank agrees to make reasonable efforts to ensure full performance of its Internet Banking transactions. The Bank will be responsible for acting only on those instructions sent through Internet Banking which are actually received. The Bank does not assume responsibility for any malfunctioning in communication facilities not under its control that may affect the accuracy or timeliness of messages you send. The Bank will not be responsible for any losses or delays in transmission of instructions arising or caused by any browser software. It will, furthermore, not be accountable should you provide incorrect instructions or if your payment instructions are not given sufficiently in advance to allow for timely payment or delays in mail service.
Collection of Information
The Bank will not collect any information about you except where it is knowingly provided to us through this Website. The information we collect about you will depend on how you use the facilities offered via this web site.
In the event that you enter information in the process of completion of an online application form, the information will only be collected by us if you submit that online application to us. In other words, if you log out prior to submitting your application, any information which you had entered would be automatically deleted.
The Bank requires information to understand your needs and provide you with a better service, and in particular for the following reasons:
Internal record keeping.
Use the information to improve its products and services.
Sending periodicals and promotional emails on new products, special offers or other information which the Bank thinks you may find interesting using the email address which you have provided.
Our Contact Centre may call you to suggest products and services that are relevant to your needs based on the information you have provided.
Occasionally, the Bank may also use your personal information to contact you for market research purposes.
The Bank may contact you by email, phone, fax or mail and may use the information provided to customise the Website according to your interests.
The Bank will not sell or distribute your personal information to third parties unless it has your permission or is required by law to do so. You may request details of personal information which the Bank holds about you under the Data Protection Act 2004. If you would like a copy of the information held on you, please write to us.
If you believe that any information the Bank is holding on you is incorrect or incomplete, please write to or email us as soon as possible. The Bank will promptly correct any information found to be incorrect.
In no event will the Bank be liable for any damages including but not limited to direct or indirect, special, incidental, consequential or punitive damages, losses or expenses arising out of the use of its Website, or incurred as a result of any failure of performance, transmission of information, any interruption or availability of its Website, delay in operation or transmission, computer virus, loss of data, or otherwise.
Neither the Bank nor its directors, shareholders, agents, consultants, representatives, officers or employees shall be liable for any damages or losses resulting from your use or inability to use its Website or any information contained therein, including without limitation any direct or indirect, special, incidental, consequential or punitive damages whether arising out of contract, statute and tort or otherwise.