COVID-19 Has Made a Lasting Impact on Data Security
The Coronavirus pandemic has altered many things in this world and data security is no exception. Along with the solid impact COVID-19 has made on data security, let’s highlight some of the other key ways lasting change has been made within businesses.
The Lasting Change: Working from Home
As of 2022, 16 percent of companies in the world are now 100 percent remote, while 58.6 percent of the total U.S. workforce are remote workers. Although 77 percent of remote workers say they’re more productive when working from home and have a better work-life balance, that doesn’t necessarily mean they’re being as responsible and safe with sensitive data as they would be in an office setting.
Unfortunately, working from home does not guarantee the same level of cybersecurity as an office environment. This is due to some employees using the BYOD (Bring Your Own Device) approach where personal devices (phones, tablets, laptops) are used to access corporate files and/or data. This approach, in contrast to a COPE (Corporate Owned Personally Enabled) approach, can leave users more vulnerable to cyberattacks. For instance, it’s not far-fetched to assume that employees may not run an antivirus or anti-malware scan regularly, if at all. A home working environment does not have sophisticated enterprise prevention and detection measures, as well. Additionally, home Wi-Fi networks are also much easier to attack.
However, despite these cybersecurity challenges, remote work is not going anywhere anytime soon, especially with the growth of tools that let us digitally communicate and collaborate like Slack, Zoom, Dropbox, and more. In fact, 99 percent of people would choose to work remotely for the rest of their life, even if it was just part-time.
Related Reading: Still WFH? Time to Revisit BYOD, Security, and More
The Lasting Impact: Increased Security Needs
According to Talent Trends, only two in five companies reported to be mostly or fully digital prior to the COVID-19 pandemic. However, now, cybersecurity professionals can no longer solely rely on secure office computers, networks, internet, and security procedures for physical and in-office security for protection of their data and information.
This means what was thought to be a temporary transition to remote security tools, root access to machines and networking capabilities, is no longer temporary for many organizations and IT professionals.
Get the Guide: CISO Perspectives: Data Security Survey 2022
To pivot effectively to meet the increased security needs, virtual private networks (VPNs) have become a clear necessity, BYOD policies and security procedures must be put into place, and organizations need to ensure that employees’ data isn’t being exposed to threats and that employees themselves aren’t engaging in unsafe or malicious activities.
The impact of remote work on data security has also shown that proper network configuration is critical for businesses that wish to continue working remotely. Software-defined networking (SDN) is one approach that can be cost effective and reliable, especially as people increasingly move their network away from physical infrastructure. The switch to remote work also requires that the cybersecurity sector itself adapts to provide better support tools and protection for its own professionals. By doing so, they can continue to innovate, improve, and work in real-time to find the right solutions to current cybersecurity threats.
Related Reading: Developing a Plan for Data Risk Management
The Lasting Impact: New Attack Methods
While the type of security attacks has not changed, their frequency has – and it has increased. Although working from home keeps employees safe from illness, it has not helped keep employees safe from exposure to contracting virtual viruses, malware, phishing, and other security attacks.
Another example of cybercriminals exploiting cybersecurity weaknesses in remote work has revolved around cyberattacks on video conferencing services. Between February 2020 and May 2020 alone more than half a million people were affected by breaches in which the personal data of video conferencing users was stolen and sold on the dark web. Although it would be ideal, the problem is most video conferencing systems weren’t developed with security at the forefront – meaning no emphasis on strong encryption and privacy controls – but were rather built solely to facilitate an online meeting.
Additionally, prior to the pandemic, about 20 percent of cyberattacks used previously unseen malware or methods, but that proportion has now risen to 35 percent. Some of these new attacks use a form of machine learning that adapts to its environment and can remain undetected, such as more sophisticated versions of phishing that utilize different channels like SMS and voice phishing (vishing). Moreover, ransomware attacks are also continuing to grow in their sophistication as well through methods like Ransomware-as-a-Service (RaaS).
Related Reading: The Top 10 Cybersecurity Threats of 2021