Enterprise data security: Driving business resilience post-COVID

Published December 16, 2021   |   

Many businesses have experienced rapid digitization amid the pandemic. Several enterprises shifted to remote working and cloud-based platforms. For the past 22 months, the world was placed on alert as several countries experienced multiple surges of Covid-19 infections, resulting in localized lockdowns, closure of several businesses, and enforced home quarantine. The pandemic tested an organization’s resiliency as they were not prepared for the abrupt changes.

Many companies clamored to put additional security measures as employees have to access corporate data frequently and from places that may not be secure. IT departments were doubly burdened by the need to secure corporate data due to remote access. They also have to ensure that employees working from home have secure devices and applications, as they have to connect to network servers in the office or access corporate assets from the cloud.

There is still no end in sight regarding the pandemic, but as the health risks taper, many employees are still hesitant to return to the office, giving rise to a hybrid work environment that is seen to be the standard mode of working from now on. Employees realize that working from home is doable, giving flexibility and several other benefits. Further, they are now used to the new work setup. Most organizations favor the new normal, and according to the 2021 survey by CBRE, about 87 percent of the large companies in the U.S. that employ 10,000 or more will be adopting hybrid work.

Positive impacts of the pandemic on businesses and economies

While the global pandemic has adverse effects on economies and industries and took a toll on millions of human lives, there were also positive impacts, according to the 2020 special business survey of the World Economic Forum—The Global Competitiveness Report. In the advanced economies, the report revealed:

  • Responsiveness of governments to change
  • Collaboration within an organization
  • Availability of venture capital
  • Social safety net protection
  • Soundness of banks

Data breaches during the height of the pandemic

Although surprisingly, a pandemic can positively impact businesses and industries, it does not mean that industries are safe from cyber risks. Many tech experts argue that the pandemic allowed personal and business interactions and communication to move online without huge business impacts or outages.

However, the situation calls for enhanced protection given that IT departments have lower levels of control in the work-from-home environment. This underscores the question of what is data protection, and how can businesses and enterprises deal with the growing risk of data breaches?

The pandemic also brought about an increase in cybercrimes last year. According to an article in SecurityMagazine.com, from Q1 to Q3 2020, there were 2,935 publicly reported breaches, which exposed 36 billion records. Most notable are the millions of records from companies such as Microsoft, Wattpad, Broadvoice, Estée Lauder, and Sina Weibo.

BluKai, a web traffic tracking app, has a database of users of some of the biggest websites in the world, such as The New York Times, Rotten Tomatoes, Levi’s, MSN.com, Healthline, Glassdoor, Forbes, ESPN, and Amazon. Considering that the app has an unsecured server, and the breach, which exposed billions of records, was deemed as one of 2020’s largest data security breaches. Incidentally, BluKai is a startup bought by Oracle in 2014.

How do you secure data and drive business resilience post-Covid?

Given the stats, it is clear that cybercriminals remain relentless in doing their activities. According to an FBI report, the agency collected data from 791,790 suspected cybercrimes in 2020, an increase of about 300,000 over the previous year. These cybercrimes cost businesses to lose more than $4.2 billion.

Cybersecurity experts believe that the increase in cybercrimes was partly due to Covid-19 and the sophistication of cybercriminals. They are moving away from targeting thousands of victims at a time. Instead, cyber actors are now focusing on specific organizations that are more likely to pay a ransom.

Because cyber threats will always be there, IT teams should strive to find a solution to answer this question: What is data protection, and what should be protected?

What needs data protection?

With the amount of data a company goes through, it can be difficult to remember them. So here are some of the vital information that needs protection:

  • Data related to human resources such as employees’ data, payroll data
  • Sensitive data stored in the cloud
  • Data backups
  • Data stored on non-business devices such as home computers, memory cards, smartphones, flash drives
  • Hardcopies
  • All types of communication, including voicemails and chat apps
  • Social media accounts can be used for app validations
  • Data in use that are subject to encryption
  • Information supplied, handled, or accessed by third parties
  • Data subject to regulations, such as credit/debit card information, personal health information, and other personal identifiers

While digitalization provided many benefits, the changes it brought to the corporate environment also exposed them to higher levels of risk, especially in corporate data security. Most of the data reside on network servers, while others are stored in the cloud. Most companies agree that tracking and managing data becomes more challenging since data resides in various places.

Keeping your network safer will help you develop a higher level of business resiliency. It is already a fact that life post-Covid will be vastly different, which also applies to IT security. With employees choosing the hybrid work environment and companies finding the scheme favorable, it raises the questions as to which security enhancements the IT departments need to make.

Here are some ideas:

  1. Keep connections secure through an encrypted VPN. Since more employees will be telecommuting in the new normal, ensure secure access to the company’s network with a properly configured VPN.
  2. Invest and implement mandatory multi-factor authentication techniques to defend your network against various cyber threats such as credential stuffing and phishing attacks.
  3. Implement “layered” security for your network by layering security measures using a combination of multi-factor authentication, biometric verification, password hashing, and salting, application safelists, and secure logging and auditing to beef up your defense.
  4. Acknowledge and reduce insider threat as it has already been validated that insiders directly cause many reported data breaches and cyberattacks. Minimize insider threat by limiting the number of employees with access to critical data and identifying what data they can access when needed.
  5. Invest in regular employee social awareness training and make it mandatory. Your employees have to know and understand their responsibilities to keep network data safe and prevent them from becoming victims of phishing attacks and other forms of cyber threats.

Aside from robust network security tools, part of your security and business resilience after the pandemic is to remain vigilant and ensure enterprise-wide cybersecurity awareness. Unfortunately, the needs of enterprises are not the same, so you cannot find a one-size-fits-all solution. Instead, hire a team of experts to evaluate your specific network security requirements and follow best practices.