Focus on privacy and security by design
Jose Pinos
The pandemic changed everything
Last year, 85% of businesses viewed digital as nice to have. And yet after the chaos of ongoing lockdowns, every company quickly learned how essential digital is to their success. Because the crisis highlighted weaknesses in their strategies and operations, over two-thirds (68%) of businesses are now in the process of re-thinking their long-term plans.
So what are the key considerations that need to be taken into account?
Remote working is ‘the new norm’
Even though remote working has been commonplace for many years, the directive to ‘work from home wherever possible’ accelerated demand exponentially. Lockdown gave us time to reflect and many companies realised that any fears they may have had about people working from home were replaced by the reality of a happier and more productive workforce.
48% of decision-makers anticipate a higher percentage of permanent remote workers as a result of COVID-19, while Forrester expects at least 80% of companies to develop their strategies for future offices to include IoT applications that enhance employee safety and improve resource efficiency.
Digital communications create more data
With more people working remotely, the way we communicate and collaborate has changed. Unable to meet face-to-face, more conversations are happening on virtual platforms – and many of these conversations are being recorded.
With remote working looking likely to remain a core component of our ‘new norm’, Gartner predicts that by 2025, 75% of work conversations will be recorded and analysed.
While this is good news because it will enable companies to reveal organisational value or risk, it has huge privacy implications. Classed as ‘personal data’ because you can identify an individual from their voice, audio files will need to be stored and shared securely. You then need to think about retention policies for that audio – not to mention the associated storage costs.
Greater emphasis is needed on compliance
Forrester predicts that in the next 12 months, regulatory and legal activity will double and overwhelm organisations. Not only is remote working creating a data deluge, but the rules governing how that data is to be stored, shared and used are changing too.
The Court of Justice of the European Union has twice now ruled that there is a disconnect between EU privacy law and US surveillance law. It first invalidated the Safe Harbor framework, which governed the flow of personal data. And now it has deemed that the Privacy Shield is inadequate.
And in the likely event of a no-deal Brexit, the UK will no longer fall under the EU GDPR – instead, operating in a ‘third country’, where data transfers are subject to tighter restrictions.
This shifting regulatory landscape will require you to take an in-depth look at your organisation’s data. You will need to identify all the data you possess and collect, where that data is stored, and who has access to it. Then you need to determine whether your Standard Contractual Clauses (SCCs) are sufficient to protect you, or if there’s more work to be done to keep your data safe and your business compliant.
Cyber-attacks becoming more sophisticated
According to data published by the UK’s National Cyber Security Centre (NCSC), over a quarter of the incidents responded to were COVID-related – an increase of 10% on the previous year. Meanwhile, a survey of over 3,000 security professionals concluded that the methods used to infiltrate an organisation have changed, with 80% claiming attacks have become more sophisticated during lockdown.
Targeting legitimate tools to inflict damage, the majority of today’s attacks encompass tactics such as lateral movement, island hopping and destructive attacks. Today, rather than try their hand at opportunistic methods, like phishing, cybercriminals are actively targeting OS vulnerabilities.
Our future is digital – are you ready?
The crisis forced many organisations to enact new ways of working overnight that they perhaps weren’t ready for. Stretching digital boundaries to breaking point, it’s exposed flaws and vulnerabilities that now need addressing.
Gartner agrees. It says,
“Technologies are being stressed to their limits, and conventional computing is hitting a wall.”
Information Age: “Gartner reveals top IT predictions 2021”
To strengthen your security posture and enable you to maintain business-as-usual in the digital world, you need to develop a ‘privacy by design’ approach and ‘security by design’ approach to your initiatives. When operating in this way, you look beyond basic security measures to improve your organisation’s overall resilience to threats. Ingraining security as standard, your operations are protected end-to-end, and your people keep security front of mind while they get on with their jobs.
How Atech can help
There is a fear with security that you can strengthen your posture so much that it becomes cumbersome for people and hinders their ability to get on with their work. Our focus is on delivering the right people, process and technologies that drive value and reduce risk for the business, without putting barriers in front of your people.
We believe the first priority has to be securing your remote workforce, and Gartner agrees. It says organisations need to,
“Focus on business requirements and understand how users and groups access data and applications”.
Once your people are safe, we can move on to the wider business, looking at everything from risk-based vulnerability management, to incident detection and response, cloud security, passwordless authentication, data protection, workforce competencies assessment and risk assessments.
It’s all covered through our intelligent managed security services. Helping you to create a culture of continuous security posture improvement, we deliver a workplace that is resilient and productive, without compromising data.
- Cyber Essentials certification: scan your environment, fix vulnerabilities and achieve certification to simplify the process of protecting your organisation and its data.
- Simulated attacks and security awareness training: train and test your people to protect your business against sophisticated and almost undetectable attacks.
- Dark web identity monitoring: expose any vulnerabilities and take action to prevent your credentials being compromised and used in criminal activity.
- Email security: ensure your security tools are correctly configured and maintained to secure your company’s biggest vulnerability.
- Annual security health check: a 50-point checklist that covers end user, network and cloud infrastructure to ensure you have the strongest security posture.
Find out more about how our managed security service can secure the next version of your business.