Talking to… João Diogo Silva about COVID-19 impact on cybersecurity

Author LOQR

João Diogo Silva has been LOQR’s Security Manager since June 2020. His taste for research in Information Systems, auditing, continuous process improvement, and information security governance emerged during the development of his master’s thesis at Universidade do Minho, supervised by Professor Filipe de Sá-Soares. He deepened his knowledge of Cybersecurity Governance in 2016 at ISEG – Lisbon School of Economics and Management, leveraging the opportunity to learn and work with experienced professionals in the area.

João Diogo, how has COVID-19 changed LOQR’s work reality?

With the arrival of COVID-19, the number of people working remotely increased exponentially. This meant that people and companies had to adapt quickly to a new reality, and I believe that this reality is here to stay, not in a remote environment, but in a mix between remote and office.

Face-to-face meeting rooms were replaced by videoconferencing platforms, making them essential to keep LOQR on track. Thus, we faced the challenge of adapting our information assets, using videoconferencing platforms in a safe way, training our team, and configuring our tools, so that we could continue working in the most efficient and effective way possible, without difficulties.

What is the impact of the pandemic on the threat landscape?

Attackers seek to profit as much as possible from the panic generated in people, and as such, coronavirus-themed schemes have increased exponentially, as already mentioned by entities such as Centro Nacional de Cibersegurança.

Among the types of attacks, we highlight the campaigns of phishing/smishing, and exploitation of social engineering, which seek to catch people off guard and obtain as much personal data as possible. These attacks are related to the theft of personal data, access and/or destruction of sensitive information, fraud, and theft of intellectual property. These attacks have a significant impact on what is the normal business journey, as well as on the reputation of the different entities involved.

Do you think that these concerns are changing corporate security priorities?

Security has been a priority since LOQR’s day one. Nevertheless, with LOQR’s growth and its increasing importance and responsibility, both in the national and international markets, it becomes increasingly crucial to have some form of controls in place to manage information security.

Of course, COVID-19 only reinforced our security concerns, since we are facing brand new challenges, not only for LOQR but for any entity.

How is LOQR implementing those priorities?

We believe that business value depends on how information is kept safe, since information is one of the most valuable assets that a business owns; thus, cybersecurity strength and resilience shall be granted by default.

Thereby, we are implementing an Information Security Management System based on International Organization for Standardization 27001 & 27002 & 27005 and NIST SP 800-53 Rev. 4, and creating a Security Operations Center that aims to monitor and improve LOQR’s security, preventing and managing cybersecurity incidents.

How can we guarantee security at our home?

There are some good practices that can be followed to ensure safety in remote work, as is the case with Cybersecurity Hygiene measures. Measures related to access control, strong authentication, secure use of e-mail, and locking the computer screen when the computer is not in use shall also be kept.

We must also ensure that our home wireless network is segregated into a work network and a guest network, configure our wireless router so that its operation mode is set to WPA2 and its encryption mode is set to AES, and define complex wireless access passwords (capital letters, lowercase letters, numbers, and special characters).

Additionally, using a password manager (KeePass or Keychain Access) can help avoid risky behavior such as saving or sharing credentials. We use a VPN solution to access LOQR’s infrastructure and programs with an encrypted network connection, and multi-factor authentication, adding another layer of security to any apps we use professionally.

And the costs for People? What is the LOQR team’s importance?

As we know, the emotional impact of the pandemic on people is undeniable.

Thus, now more than ever, it is extremely important to stay in touch with our colleagues, Loqr’ianos, who are at home, through awareness sessions performed by our security team, on cybersecurity hygiene, secure development best practices, incident response management (…), showing and guaranteeing that each one of them plays a crucial role in safeguarding LOQR’s security since it is everyone’s responsibility.

João Diogo, if you had to define LOQR in one sentence, what would it be?

Since LOQR is transforming our digital life and the way we leverage our digital identity, it would be “Safeguarding your digital life”. Stay safe!