EastWest protected by a different kind of ‘PPE,’ says CISO

Just as people need personal protective equipment to safeguard themselves against the threat of the COVID-19 pandemic, banks and businesses must also adopt their own “PPEs”—the importance of People, Process, and Equipment—to shore up their information security, says EastWest Chief Information Security Officer Joey A. Regala.

Jo EastWest Chief Information Security Officer Joey A. Regala

This PPE framework, which Regala has already put into action for the bank, is the latest adaptation in the new normal brought about by the current situation.

“Hackers are just waiting for employees to do something they were not supposed to do, or something they failed to do,” explains Regala. “Picture our employees as frontliners—let’s equip them with ‘PPEs.’”

How companies should use the PPE

The framework laid out by Regala is broken down into three important components, none of which can truly work without the others.

People refers to employees’ behavior and culture, ultimately focusing on their knowledge of what they ought to do and ought not to do when it comes to acting online.

The biggest reflection of this is to have organizations constantly brief employees on new emerging threats and methods of cyberfraud, and how to make sure their workstations and files are safe and secure with the latest security software.

For EastWest, employees get regular information security alerts that ensure they are up-to-date and aware of any phishing scams and other malicious e-mails or messages, as well as security checklists.

Process refers to the organization’s policies that are in place to maintain security. A few examples are EastWest’s telecommuting policies with guidelines on how to safely and properly work at home, as well as policies of measuring employees’ remote productivity.

Equipment refers to actual security technology used by the organization to protect its data and assets. Some of the advances Regala enumerated are the use of virtual private networks, multi-factor authentication, data encryption, data leak protection, advanced threat protection, analytics, and AI.

All of these components are tied together by everyone’s awareness—of this new framework which organizations can use, and of threats to protect people from.

“This is the perfect time to make people aware and remind them that the computer virus was coined after biological viruses, which we are now battling today,” says Regala. “The way we secure ourselves from COVID-19 with PPEs gives us a perspective on how important it is for us to also protect our data from viruses that hackers use to infiltrate our systems.”

With the Philippines entering general community quarantine on June 1, social distancing measures and work from home arrangements are still recommended until the curve of the coronavirus’s effects is flattened. This setup necessitates continued vigilance in cybersecurity both at home and in the workplace.