With the unleashing of the pandemic of 2020, the conventional way of doing business was no longer enough and enterprises had to reinvent the wheel to ensure business continuity. Meetali Sharma from SDG Software India Pvt. Ltd. shared how their organization adapted to the uncertain and ambiguous market conditions. Explore how they not only survived the pandemic, but thrived too, with a key focus on ensuring enterprise-wide security.
Compliance & Information Security SDG Software
In March 2020, Covid-19 struck us badly and most businesses shifted their focus to ensuring that work goes on smoothly, despite the unforeseen disruption. Therefore, ascertaining business continuity was of paramount importance. Similarly in our organization, the first and foremost thing we had to ensure was that all businesses are working properly, there is no delay in the deliverables, customers are satisfied and there is no business disruption. This was the biggest challenge: remote working had to be enabled for all users along with all security controls to protect data.
Bringing the Business Continuity Plan into Play
To deal with the ongoing uncertainty and upheaval, we invoked our business continuity plan (BCP). Fortunately, we had already developed an effective and robust BCP to ensure smooth operations and functioning. We triggered the BCP and formed a specialized task force to identify and create a future plan of action, as the pandemic was something none of us had any experience of dealing with. Our special task force included our BCP team members and some of the functional members as well.
Once we had this team in place, the next thing was to ensure that everybody had the resources and support to function remotely. This included procurement of laptops and moving desktops to homes to ensure that everyone could work effectively and safely. We enabled remote working for all employees with adequate security measures and additional tools over and above the existing tools such as encryption, email monitoring, DLP, EDR and URL filtering solutions. We have been conducting daily stand-up BCP calls of the task force to track and monitor the situation. Our BCP/DR and incident management plans have been updated to handle pandemic situations. All employees have also been trained on the security measures they need to take for securing data residing with them and to secure their wireless routers. Once this was done, our next focus became customer communication. We ensured regular & proactive communication with our entire customer base to keep them updated about our BCP strategy to tackle the pandemic.
The Focus on Information Security
With the basics of business continuity in place, we shifted our focus towards employee health and safety, with special attention to information security. The process started with the adoption and implementation of mature and sophisticated security tools. Conventionally, all information to the customers went from a server room or a secure space. However, with the shift to remote work, the data security of the information being shared from the homes of the employees came into question. While implementing remote security tools was a part of our digital transformation plan, accelerating the adoption to a few weeks became a challenge and the question of data security came around time and again.
That’s when we decided that the most effective approach was to make our employees aware of the gravity of the situation and make them the defenders of the information they hold with them. They were informed and trained on the best practices to be responsible and secure the information. We have been able to develop a remote working culture within the organization and each employee has been made self-sufficient (Atmanirbhar) to handle their jobs independently, keeping security and compliance as a priority. Each employee has become a custodian for information security in the true sense now. Detailed calls were conducted with the customers to win their confidence and convince them that their information and data are in safe hands.
Seeds of Success
It was a proud moment for us when our customers shared that they were quite satisfied with how we handled the entire business continuity. They were impressed by the way we were training our team members to ensure there was no operational disruption. As a result, we were able to secure a few new customer acquisitions and engagements. We have seen this as an opportunity and started giving advisory services in the form of Compliance As a Service (CaaS) to customers around areas related to cybersecurity, compliance & BCP. Despite the improvement in the situation, our customers were comfortable letting the employees work remotely.
With our robust business continuity plan and agile thinking to adapt to the changing circumstances, we were able to prioritize employee health and safety and simultaneously ensure data and information security. We are constantly updating our BCP and increasing preparedness for all forms of anticipated risks.
To conclude, it is clear that having a business continuity plan in place helped us take the first step towards continuing our operations. Furthermore, our employee-centric organizational focus coupled with technological investments and proper training helped us achieve the twin goals of facilitating employee safety and information security. Therefore, I strongly advocate that organizations must have a robust BCP strategy, which is continually reinvented to find themselves in a position to don a human face supported by digital disruption in times of crisis.
About the author
Meetali Sharma is Head- Risk, Compliance & Information Security at SDG Corporation (SDG Software India Pvt. Ltd.). With an overall experience of 18+ years, she has worked on several information security assignments covering consulting and solution-driven approach including – Information Security Incident Management, Information Security Risk Management, Training and Awareness, Information Security Measurement Program implementation, CMMi implementation for Development and Services. She is certified in Risk & Information Systems Control (CRISC) from ISACA, CMMI SVC & Dev 1.3, ISO/IEC 27001:2013 Lead Auditor, ISO 31000:2009 Risk Management Principles & Guidelines Implementation, IATF 16949:2016 from BSI.
Meetali is an industry recognized speaker and an active participant, member, and panelist in discussions on topics like Integrated Security, Data Security, Incident Management, Cybersecurity, GDPR, CISO forums, Service Organization Controls (SOC), Cybersecurity events, Open Source Summits, Data Center Summits etc. She is a member of various CISO/CRO/CIO forums and her articles on Risk Management, Cloud Security & Cyber Security have featured in various magazines and blogs.