Sun Life ASCI is committed to the fundamental principles of information security – confidentiality, integrity and availability. With work-from-home becoming the new normal, there is a greater need for organizations to maintain a robust and reliable security framework. It is equally critical to keep employees informed about best practices, elevate their awareness and maintain stringent compliance. We strongly feel that enterprises with secure technology and communication platforms would always fare better in times of crisis and ensure business continuity with minimal risk exposure
The COVID-19 pandemic has presented an unprecedented global crisis impacting everybody’s professional and personal lives. Organizations have been coerced to adopt work from home (WFH) to enable business continuity, which is turning out to be the ‘New Normal’ now. As a global financial organization, it became imperative for Sun Life Asia Service Centre India (ASCI), (the Global in-house Center of Sun Life Financial), to ensure that its operations, network and critical infrastructure are highly secure and stable.
Sun Life ASCI has deployed robust and advanced cyber security solutions to ensure a stable and secure network for its employees to support business operations securely while working from remote locations. All the assets are regularly scanned and patched to ensure there are no vulnerable attack vectors available for the attackers. The organisation has a centralized global SOC (Security Operations Centre) which continuously monitors remote access logs and alerts for anomalies. The internal access policies and firewalls are constantly reviewed and updated and all access to the employees are provisioned based on ‘Least Privilege’ and ‘Need to know’ principle. Employees have been advised to use the secure connection to Sun Life network by ensuring VPN only usage on company-owned hardware with up-to-date security features, to prevent any infected data/ malware into the company’s network. During a long remote access session, employees are required to re-authenticate themselves.
Endpoint devices are one of the most critical type of equipment when employees work from home. They are also an easy target for cyber-attacks while the world grapples with the pandemic making it even more important to secure endpoint devices. At Sun Life ASCI, IT team has updated its endpoint device policy framework to block installation of unauthorized utilities/ applications. Full disk encryption has been enabled on employees’ laptops. All employee’s handheld devices are completely protected by MDM (Mobile device management). Antivirus and anti-malware solutions are deployed on the end user devices. The organisation has deployed a phishing defense solution to minimize attacks and continuously educates employees on different phishing scenarios. Constant communications with employees on best security practices; sharing of data security videos and circulation of critical updates relating to the operating system and other applications educate them about the same.
Email security policies are reviewed to make them more stringent and filter out malicious emails. ASCI also has a 24×7 IT and security support desk to manage any incidents and queries. Data security as a topic is also discussed in virtual townhalls and leadership messaging.