"Isolate servers and devices that contain vital data from common network" 

D V Seshu Kumar
Asst Vice President – IT Head, Orient Cement

Preparedness to face challenges of data security:    
Data security seems to gain more attention with each passing year. Data security is the number one priority, and concern, of IT departments. This is because, over recent years, companies have begun using multiple external applications to carry out company processes. This has greatly increased the security challenges of a company and the risk data breaches. This includes the integration of mobile devices into the business world. Everyone, from business owners to entry level employees, bring their personal mobile devices to work.
At some point, they have all connected with the company’s infrastructure, whether it was intended or not. Even if we follow network security tips. All it takes is plugging a phone into a terminal, PC, or laptop to charge the phone and that system is potentially at risk.
Isolate servers and devices that contain vital data from a common network. By removing these systems from the common network, it eliminates the possibility of remote access, thus increasing the security.

It is important to emphasize application security instead of device security. Most applications are cloud-based. Cloud-based systems run non-stop and give users uninterrupted access to the systems, including hackers.
By using both a proactive and reactive protection method, then it’s actively hunting out weaknesses in the system. It gives a company more control over its network. Real-time Intrusion detection software is a great way to monitor when data is being accessed, by whom, from where and when. It gives the ability to immediately identify any odd network behaviours as it happens. This helps in catching the problem before it gets out of hand.

The best practices for remote working: 
Remote work presents a unique challenge for information security because remote work environments do not usually have the same safeguards as in the office. When an employee is at the office, they are working behind layers of preventive security controls. 
Some of the important parameters when working from home are avoiding public Wi-Fi, using personal hotspots, VPN to use for remote access applications, VPNs provide a flexible connection to connect to different services (web pages, email etc.) and can protect traffic. Also set up encrypted remote connections into a remote desktop or other individual server. Many of these connection types (RDP, HTTPS, SSH) include encryption. Very important thing is to keep work on work computers and not on personal computers. Never leave your devices or laptop in the car etc., car is not any safer place to keep. It is a best practice to keep it with you work laptops and devices.

Role of CISOs: 
Things are rapidly changing for today’s CISOs. In its State of Cybersecurity, reports say that organizations might be starting to move away from the traditional reporting model for CISOs because of the desire to avoid conflicts of interest. The CIO is chiefly concerned with implementing new technology projects to support the organization, whereas the CISO is interested in minimizing the organization’s risk level. 
CISOs need to draw upon other skills so that they can effectively explain security risks facing the organization to the board and direct their strategy’s implementation across the entire organization. It is important that CISOs moving through the different departments will be able to both understand and approach digital security as a holistic problem.