The pandemic also made companies realise the importance of increasing investment in security tools

Since March, over 66% Indian companies have faced at least one data breach, according to a survey by Barracuda Networks, a security firm.

As remote working becomes the new normal, organisations are starting to give more importance to cybersecurity.

Companies have taken various measures to mitigate the risks arising from data breaches. According to a report by IBM, average total cost of a data breach to a company is $3.86 million.

The lockdown period saw a surge in demand for Virtual Private Network (VPN) in India as system managers tightened security to identify and mitigate vulnerabilities. VPN demand grew by nearly 30% compared to pre-pandemic levels, according to Top10VPN.

“After anti-virus systems, VPN has been an effective tool to ensure work information remains secure,” said Vidhi Mehta, Chief Technology Officer at Moneyfront, a financial services firm.

Upgrading anti-virus systems also helped inform employees of malicious websites and virus-inflicted files, she added.

Cybercrimes such as charity scams, phishing attacks and supplier scams increased by more than 85% between March and April compared with the previous months, Reuters said citing a Home Ministry official.

Companies are conducting regular training sessions to inform employees of phishing attack and email scams so that they don’t fall prey to cyber attacks.

As part of building awareness, employees are advised to exchange client information only through official e-mail channels and to avoid passing on details via social media or messaging platforms.

Some companies are organising mock drills to test the preparedness of employees. An e-mail replicating a scam is sent to all employees, and employers would then note who informs them about the inauthenticity of the email.

Apart from creating awareness, companies are enabling G-Suite access to employees to ensure safety owing to its “strong phishing and spam detection” mechanism, said Kailash Nadh, CTO of online trading platform Zerodha.

Zerodha had filed five cybercrime cases with the National Cyber Crime Reporting Portal since March. It had none last year, Nadh added.

Most scams include sending unsolicited stock tips to users, prompting them to invest in risky securities.

“If a million users are attacked and 100 fall prey, it still leads to a lot of money lost,” he added.

To combat this, confining client information access to specific departments has helped prevent data leak. For instance, access to client information in Zerodha is restricted to the compliance and risk department.

Updating privacy policy regularly also creates a secure bubble to help keep clients and employees informed about potential threats and solutions.

Further, notifying users of unusual account sign-ins, similar to Gmail prompts, helped alert Zerodha customers. The company’s Time-based One Time Passwords (TOTP), a cryptographic token to verify user authenticity, helped users prevent malicious sign-ins.

Higher budget allocation for better cybersecurity systems plays an important role. Investment in hi-tech security across companies is likely to increase in the coming year, said Vidhi Mehta, CTO at Moneyfront.

Investment in anti-phishing tools and multi-factor authentication software have increased in the past 6 months, according to a Microsoft report.

Integrated security solutions are now seen as imperative with the Covid-19 pandemic showcasing the true need for companies of all sizes, it added.