The Tribune

By YOURI KEMP

Tribune Business Reporter

ykemp@tribunemedia.net

An information security manager yesterday urged Bahamian businesses not to forget the importance of data and information protection while working remotely during the COVID-19 lockdown.

Demarius Cash, Seagrape Inc’s chief executive, told Tribune Business: “The COVID-19 crisis has forced organisations to rethink their product and service delivery strategy, while also creating new dynamics related to workforce management.

“In order to remain competitive, organisations are being forced to adapt rapidly while also navigating mitigation of the increased security risk associated with a remote workforce.” He highlighted several factors that impact employees working outside the office which can pose serious security challenges for information and data protection.

Mr Cash said that, especially for those companies which are equipped with remote office capabilities, they must have adequate bandwidth to accommodate the increased demand. He also advised that persons invest in a secondary or back-up circuit to ensure reliable and consistent connectivity, and allocate bandwidth to critical services while restricting it from non-essential Internet resources.

Mr Cash said this was critical “so persons can access VPNs (virtual private networks), and get access to the network, because they are working remotely from home”.

He added: “It is important to allocate appropriate bandwidth. If you’re trying to connect to the system, make sure you have enough bandwidth, because without enough it would slow down your work process. So, when people are working from home you want to feel like they are in the office, and not discouraged from working because the system is slow.”

Emphasising security, Mr Cash said: “Securing the environment is important because you always make sure your system has up-to-date patches. Without them it leads to vulnerabilities because someone can log-in and hack into your system. You would want to use multi-factor authentication security, so you would have two levels.

“Harden the configuration of the Internet gateway, firewall and VPN appliances, ensuring that communication is restricted based on need. Ensure operating system updates are applied, and that antivirus software is installed and updated. Update the firmware on all network hardware appliances, and enforce multi-factor authentication (MFA).”

He added that companies needed to have proper access codes for different levels of employees. “You need to monitor the network to see what the employees are doing,” Mr Cash added.

“Enable the logging features on your gateway appliances, for example firewalls and load balancers. Enable logging of critical systems, services and user profiles, and have these logs forwarded to a security monitoring tool that can aid in event correlation and alerting.”

Calling on all Bahamian companies to have a proper incident response plan, Mr Cash said: “If you have a trouble ticket, or something had happened, you would want to create an incident response plan and make sure that if you have a network issue that you have your contact information for your network administrator in place.

“And, if you have a web-interface issue, make sure you have a website developer contact at hand. Develop a plan and put in place key individuals to respond to these various threats and breakdowns in your system. Develop and activate an incident response plan. Know who to contact for what and when, and invoke and activate a business continuity plan.”