Six months ago, the World Health Organization declared the novel coronavirus, SARS-CoV- 2, to be a public health emergency. Since then, millions of people have caught the disease, hundreds of thousands have died, and efforts to control the spread of the virus have transformed the way we live and work. As we look ahead to the next six months, and beyond, one thing is clear: our economies, and our businesses, will never be the same again.
That doesn’t mean we won’t recover: we will, and there’s a good chance we’ll come back stronger. But the way we work, and the way our businesses operate, will be fundamentally different as a result of this crisis.
One area where that will be felt most strongly is in the field of cybersecurity. We’ve already seen businesses struggling to put adequate security measures in place as they rushed to move their workforces online. Now, with companies such as Facebook and Google increasingly viewing remote work as a long-term strategy, we’ll need to move beyond crisis management, and figure out what data security means in a distributed workplace.
Here are five key areas where companies can take action now to keep their sensitive data secure in the “new normal” of long-term, widespread remote work:
- Q&A: The security considerations of remote working (opens in new tab)
Make communication a priority
Perhaps the biggest challenge to remote working is keeping lines of communication open. It’s all too easy for people to hunker down and focus on their own work, and stop sharing information and learning from one another. That’s a particular problem in hybrid virtual models, where some teams are on-site and some are working remotely — because location becomes another silo that can prevent vital information from being passed on in a timely manner.
Research shows that proactive outreach is essential to helping remote workers to stay connected, so make sure your IT and security teams use tools such as Slack, ticketing software, and knowledge-sharing platforms to reach employees wherever they are. Communication needs to be a two-way street, too, with employees able to get prompt round-the-clock support and to escalate concerns rapidly if a serious problem emerges.
Get smart about onboarding
When it comes to cybersecurity, people are almost always your weakest link — and keeping your team well-trained and engaged will be harder than ever in the era of widespread remote work. That will become doubly true as companies begin hiring remote workers who’ve never spent time on-site, and haven’t been inculcated with the company’s culture and data management norms. To succeed, you’ll need a robust onboarding program to ensure new hires understand what kinds of data are sensitive, what to do and what not to do, and who to contact when things go wrong.
Don’t treat this as a fire-and-forget process. Employee enthusiasm drops 22 percent after their first week on the job, so it’s important to plan on regular follow-ups and reminders to catch and correct mistakes. And remember that no matter how good your onboarding procedures, people will still make mistakes — so think about how to automate data management processes, and work to make your data-tech stack as hands-off and foolproof as possible.
Classify your data effectively
Data classification remains a key failure point for many companies, with two thirds of companies saying they’ve classified less than half the data in their cloud storage systems. Remote working will raise the stakes, making unclassified data a greater risk factor, and making it harder than ever to spot problems and course-correct,
There are various approaches that can help with that: effective training is a must, and cleaning up existing data sets is important. But it’s also crucial to recognize that remote working brings new distractions, so errors will continue to creep in. The best approach is to automate the classification process so that when workers slip up, sensitive data is still detected, tagged, and treated as it needs to be.
- Working from home could be a major security risk for your employer (opens in new tab)
Control actions, not data
In the on-site era, many companies believed they could keep data safe by toughening their perimeter. After all, if you keep the bad guys on the outside, you’ll be fine, right? Well, that approach didn’t work well before Covid-19, and it’s certainly not going to work in the new era. With a distributed workforce, your perimeter just got exponentially longer and harder to policy — so you’ll need a new security strategy.
The best approach is to focus not on building walls that prevent access, but rather on building control systems that determine how data is used. Think of this as a distributed security strategy to go with your distributed workforce: whenever a user tries to open, copy, share, or alter a given bit of data, your security infrastructure should be capable of checking their credentials on demand, using encryption and identity-based tools to ensure that it’s impossible for individual users to inappropriately use or share sensitive data.
Expect the worst
Cyberattacks have spiked 273 percent during the Covid-19 era, and hackers are putting significant time and resources into targeting both large and mid-sized businesses. That’s because they know companies are vulnerable as they transition to remote work. But you don’t have to be a victim — if you start assuming cyberattacks and data breaches are inevitable.
When you assume that your distributed network is porous and vulnerable, and that getting hacked is unavoidable, it changes the way you think about data security. The goal isn’t to protect all data perfectly: it’s to tier your data by sensitivity, so that hackers who make it past your first line of defenses can’t do serious damage. Expect the worst, and plan accordingly to keep your most valuable data secure.
Don’t get stuck in crisis mode
The bottom line is that data security will remain a major challenge for both large and mid-sized enterprises in coming months, and the shift to remote working will create significant new vulnerabilities.
There’s no way to avoid those risks altogether. But by recognizing that human errors are your weak spot, training your team effectively, and automating core security operations, it’s possible to make life much harder for hackers. Combine that with a tiered, distributed approach to data security and you’ll be well placed to survive and thrive in the “new normal” of the post-pandemic world.
- The best VPN service 2020 (opens in new tab)
Christopher Muffat, CEO, Dathena (opens in new tab)