Malika Pastor blog Les Assises

COVD-19: Malika Pastor shares her thoughts on today’s cybersecurity

During a crisis, cybersecurity emergencies highly increase, and the ranking of priorities becomes a strategic challenge. While France reopens, what is our assessment? What were the crisis management exercises we did? Were they successful? What can we conclude? Colliers International’s CIO and Before steering committee member Malika Pastor answers all these questions for us.

Les Assises Cyber & covid19 Malika Pastor

What are your current emergencies as a CIO?

After the Government’s recommendations to restrain travels and to guarantee the safety and well-being of thousands of our employees, clients and partners, Colliers International’s Board decided to close its headquarters and offices. To face this unprecedented situation, the teams affected by the lockdown were asked to do full remote working. Fortunately, working from home was not new to us: we had already set up the system two years ago.

The first weeks, I stayed in touch with the Board on regular basis during crisis meetings; this to contribute to the ranking of strategic decisions both on operational and organizational levels.

The IT department must come together and be agile to be ready for unpredictable issues and for eventual changes in technical operations and projects. The purpose is to support and improve working methods and to supervise flexible infrastructures so they can be coherent with the priority business activities. IT must not be blamed in case there is a lack of performance for the company: that is why a few technical adjustments were required such as the VPN size calculation, or the adding of software licenses from day 1 of the lockdown.


What are the security measures that must be respected?

All our employees can do remote working safely: encrypted and secured devices are provided by Colliers’s IT department. They also benefit from secured connections, encrypted exchanges and applications which are updated regularly via our VPN, and from a multi-factor authentication to remotely access all the company’s resources. To do so, I rethought the global infrastructure three years ago and it enabled activity continuity in a safe environment: filtering solutions with intrusion detection and prevention and a strong traffic analysis. 

It is also a good opportunity to do a full-scale test of our Business Continuity Plan (BCP) and to adjust it to be able to act quickly and properly in case of emergency.

Nevertheless, remote workers need to be reminded the precautions to take and then have to follow them. For that, we organized a phishing campaign simulation to raise cybersecurity awareness among our 18,000 employees and to make sure they know the good practice. It is difficult for the IT department to keep control on the solutions that the employees use during the lockdown, such as non-secured communication and collaboration SaaS-based solutions provided by partners and stakeholders. Just as usual, remote workers are asked to use only the connection modes and the solutions that are tested and approved by the IT department for all their professional activities.


Have the crisis management simulations proven useful in your company? 

A crisis is always sudden and surprising because of its breadth. The health crisis that is a result of the Covid-19 pandemic shows us how much BCPs are fundamental. They make a list of the measures we have to take as quickly as possible to protect and communicate while continuing to work. Moreover, the organizations and industries who have not digitalized enough yet will be particularly affected: they will need to modernize to be ready for any future crisis.

Colliers’s first two priorities are protecting its employees and continuing the most essential activities without losing sight of the secured resumption of all its activities while countries gradually reopen.

To face this system crisis that we had never experienced before, we immediately deployed all the required action plans we had cautiously anticipated, evaluated and adapted during previous crisis management simulations. These scenarios of activity continuity have proven useful to globally act better during the unexpected, and it helped us protect our workforce, employment and to answer urgent customer expectations.

I would like to point out that crisis communication is an essential part of the plan to maintain partner trust and to inform all the people involved. I think all the organizations that have a previously structured process to guarantee business activity continuity are more resilient and agile during unsettling events.

What is your conclusion? 

The resilience showed from the IT department up to the Board during this crisis will make us stronger and closer: experience strengthens, improves, and will speed up our future success in digital transformation.

We can’t say we will be back to normal in a few weeks. We now have to readjust our strategic plans and budgets to be ready to set them up when Covid-19 is over, when recovery starts, and to inform our partners.

Resolutely turned toward the future, I am convinced that technology entropy will quicken, change scale and move cyberspace to a new digital era: a new economic paradigm based on resilience, a stronger human collaboration and solidarity. CIOs, CISOs, let’s be positive and committed, our teams and employees need us like never before. Let’s stick together, virtually of course, stay confident and observe the positive impacts in terms of use and technology today to answer and support better tomorrow’s challenges for both public and private organizations.