The Indian Securities and Exchange Board of India (SEBI) seems to have sent a circular to the stock exchanges urging market participants to improve information security as bad players try to take advantage of changes in the financial services sector to work from home.
The SEBI seems not to have published its document, but the National Stock Exchange of India – the largest stock exchange in the country – and the Bombay Stock Exchange (BSE) and the Indian Mercantile Exchange (MCX) issued the same 14-point safety guidelines at the end of last week. It states that SEBI has encouraged market players to implement a basic level of security on computers used by their employees at home (NSE here, BSE here, MCX here [PDF]).
The documents indicate that the new standard is necessary because COVID discovered that the industry was sending many employees to work from home, so cybercriminals used this opportunity as a target for users and information communication technologies. It therefore appears from the documents that SEBI has advised us to ensure that the members/participants implement the prescribed measures.
Requirements include multi-factor authentication, the use of virtual private networks linked to MAC addresses of the device, and even regular user photography combined with image recognition to identify users.
The Government of India describes itself as circumventing the confidential contact tracing data contained in the national annex to COVID-19.
It is clear that the mediator may consider the introduction of a mandatory monitor on board the aircraft, which … appears at random intervals and requests biometric authentication with a time-out of a few seconds. If there is a timeout, it is marked as a security event on the intermediate server.
Remote access must be monitored at all times to detect any abnormal access and appropriate alarms and warnings must be generated before damage is caused, the Council added: In order to be able to observe on the spot, the intermediary must set up an appropriate protection mechanism, such as cameras, guards in the vicinity of a colleague, in order to promote technological activity.
The guide also recommends, as a precaution, testing backup, recovery and archiving options for those who are remotely in contact with important internal systems. It is also proposed to exercise reasonable judgment and caution when applying patches to existing hardware and software, and to apply only necessary and appropriate patches.
Market parties are also informed that their Security Operations Centres (SOCs) collect logs that are analysed remotely.
It is proposed to introduce a mandatory monitor on the device, which will appear at random intervals and ask for biometric authentication.
Security alarms and alarms should also be analysed and appropriate decisions taken to address security issues, the recommendation goes on. Safeguards carried out in accordance with the requirements of remote access should be integrated into the SOC system and form part of the overall safeguards.
The Council concludes by stating that the measures it has requested should become standard practice in the future.
It is not clear whether SEDI or the Indian stock exchanges have discovered foreign transactions or trading patterns as a result of careless work at home, or whether this new manual is a precautionary measure.
Whatever the reason, welcome to a new habit of random webcam recording to make sure you are the one in the office. ®