Security in the time of Corona

As the world is struggling with the Corona virus (COVID-19) pandemic, the security folks are struggling with something else: Securing the remote business… We have been so busy with securing our systems from the viruses that we could not see that a natural virus could cause more problems than the digital ones.

Working remotely was not an option for many companies or not for every position so most of the companies were caught off guard. Many of us were just not ready to transform the business this fast but it’s happening folks and here are some of the concerns you should take into consideration:

1. Security Issues on Mobile Devices

It’s easy to secure your employees’ devices when they are inside your network, under your firewalls but is it the same when they connect from home?

VPN is not the solution for every connection, what if the employee connects to some unsecure site, you never know. Things get more complicated when the employees use their own devices for work.

All you can do is to increase the awareness of the employees and put some strict rules for those you can control, such as strong password policies and access management.

Technology in the hands

2. Issues with Backup and Recovery

Data loss can be a huge problem for remote business and the problem is bigger if the employees are using their own devices for business.

There are quite good backup and recovery solutions in the market, you can use them secure the data in a centralized backup and recovery system or you can simply make the employees take their own local backups but being on cloud seems to be the best solution for this issue.

cloud-backup[1]

3. Issues related to Shadow IT

End-users usually tend to use their practical solutions and they use anything possible once they are out of your control.

Shadow IT has been a pain in the neck for many years, users want to use some free applications for which they have no idea of the security concerns.

It used to be easy when the only way to use an application was to install it on your computer and only IT could install software to the corporate PC’s but it is a dilemma when you can use cloud services from home.

The level of security awareness just becomes more important related to shadow IT solutions. End-users must think like security analysts when they are deciding to use an application other than the corporate’s assets and decide not to use if possible.

shadowIT-light[1]

There are many more security issues for remote business and it usually comes to the point where the end-users must be aware of the security risks and act accordingly.

Security awareness training programs must be updated with the use cases that we are facing at this coronavirus transformation and companies should invest more on training the employees in order to protect themselves.

Stay home, stay secure!

GRCAC Day Bursa 2020

ISACA Ankara Chapter olarak Tofaş‘ın ev sahipliğinde EY‘ın katkılarıyla düzenlediğimiz yönetişim, risk, uyum, denetim ve siber güvenlik konulu GRCAC Day Bursa semineri 7 Şubat 2020’de Tofaş Akademi Doğu Kampüsü’nde gerçekleşti.

This slideshow requires JavaScript.

I’m speaking at CS4CA MENA Summit!

cs4ca cyber security for critical assets mena dubai erdem aksoy

The 4th in a successful series of exclusive Cyber Security for Critical Assets Summits in the MENA region, that brings together the region’s industry leaders to discuss and create best practice industry guidelines. The CS4CA MENA Summit is brought to you by Qatalyst Global.

My interview for CS4CA

Erdem Aksoy CS4CA MENA

Erdem Aksoy is Deputy Head of IT Process & Information Security at Çimtaş Group and is responsible for the cyber security for Çimtaş Group companies. As a cyber security professional with a highly impressive skillset ranging from ISO 27001 Information Security, ITIL/ISO 20000 IT Service Management, & ISO 22301 Business Continuity Management Systems to IT Management and R&D Management.

As one of the speakers at #CS4CA MENA, we caught up with Erdem to learn more about his job and how he keeps his spirits up while protecting his company’s critical infrastructure:

Click to read the full interview

I’m speaking at CS4CA MENA Summit!

The 3rd in a successful series of exclusive Cyber Security for Critical Assets Summits in the MENA region, that brings together the region’s industry leaders to discuss and create best practice industry guidelines. The CS4CA MENA Summit is brought to you by Qatalyst Global