Maintaining a Secure Data Culture During and After COVID-19

18
fredrik

Fredrik Forslund, VP of Cloud and Data Center Erasure Solutions, Blancco

Like many other organizations, the World Health Organisation (WHO) has reported a fivefold increase in cyber-attacks faced by its staff since the beginning of the COVID-19 pandemic.

Before the crisis began, many felt secure with their data culture, with staff in an office supported by localized IT systems and equipment. How can companies maintain a secure data culture as the way people work becomes more flexible, remote, and de-localized?

It’s often the IT department’s role to ensure data management processes are kept up to date and communicated effectively, but this has historically been in an office environment. Employees today are working remotely, using company IT equipment in new locations, and sharing data in new forms and media, like video-calls or via shared online workspaces.

A secure data culture keeps staff and the wider business protected, but a culture of data security that was once understood and practiced company-wide is now much harder to implement and track. So, how can a company maintain a secure data culture during and after a global pandemic?

More data more problems

The volumes of data organizations store and manage increased exponentially over the last few years. For example, over 100 billion private and corporate messages are shared every day on Facebook alone – and that’s just one platform.

Read More: COVID-19 exposing the Cybersecurity Vulnerabilities of Enterprises

Concurrently, the pandemic has forced thousands of organizations to rapidly digitally transform, moving analog systems online and relying on IT equipment more, resulting in more data being stored.

But with more data being processed and stored comes a greater risk of suffering a security breach. These growing concerns have pushed organizations to shift their priorities and budgets and, for some, increase their security spending to protect cloud environments and remote workers.

Gartner reported that the cloud security market will see by far and away from the greatest growth this year, at 33.3%. While other markets within the sector, including data security, application security, and identity and access management, will be up between 5% and 10%.

Data is an essential resource in the new Digital Economy, but unfortunately, for many, despite the increase in security spending, data management policies have not been keeping with the times.

The more data an organization processes, the more important it is to update security measures. Recent research, however, found that 36% of organizations globally were still using outdated data sanitization methods such as formatting, overwriting using free software tools, or paid software-based tools without certification and physical destruction with no audit trail.

Today, this is simply not good enough. Increasingly sophisticated cyber-attacks and threats combined with ever greater data volumes mean maintaining a strong and secure data culture is more difficult than ever.

Read More: COVID-19 – Three Cyber Security Changes to Look Out For

Communication is education

The new working practices driven by the pandemic are only adding to these concerns. Research from February 2020 found that of 1,850 senior decision-makers from large enterprises surveyed, 51% said that flexible workers and mobile workers were the least likely to comply with data sanitization policies.

Perhaps employees are less concerned with data management policies when outside of the office environment? Either way, the perceived security threat has increased as a result of the pandemic, which denotes there has never been a better time to ensure employees comply with policies regardless of their location.

In the current situation, communication is more important than ever. The same research found that although 96% of the senior enterprise leaders surveyed have a data sanitization policy in place, 31% have yet to communicate it across the business.

To have a strong and secure data culture, communicating effectively about best practice data management throughout an IT asset lifecycle to all employees is imperative.

Considering the most common cause of a data breach is human error, any organization updating its data management and data security policies in response to the pandemic must recognize that its effectiveness is not guaranteed unless it’s relayed effectively to all staff. If there is no mention of guidelines on creating and maintaining a culture of data security in the policies and relayed to every employee, there is little chance it’ll be enforced.

All for one

The global shift to a new way of working heralds a host of problems for data security and presents an opportunity for organizations to scrutinize, reconfigure, and update their data management and data security policies.

Read More: Topmost Concerns that keep CIOS awake During the COVID-19

Employees will be accessing sensitive company data from home, using their own network, and perhaps their personal devices. The policies must address how employees handle company data remotely, ensuring it is tracked throughout its lifecycle and correctly sanitized at end-of-life.

One important component of data management to consider is how IT equipment is handled at end-of-life and to see if an auditable data sanitization process is in place to ensure no sensitive data is recoverable.

Auditable data sanitization is the only way to ensure data is removed from an IT asset and kept secure, but this can be difficult to track when company assets are spread far and wide. There are solutions available, however. For example, remote erasure allows you to erase equipment across any location, removing the need to physically move equipment and risk exposing people to COVID-19.

Exploring new data management tools like these as well as updating your policies with clear ownership and ensuring they are communicated effectively is key to minimize the impact of a shift in responsibility of data security and efficiently keep data secure as working patterns continue to change. A secure data culture can only exist if all employees are involved, and only when all employees are involved can data security be guaranteed.