Experts Agree: new data breaches in wake of COVID make online security top priority
The COVID-19 pandemic has led to a substantial increase in online activity. Since last spring, countless Canadians and others across North America have been working from home while remotely connected with their company networks.
While this “new normal” has in some ways made things safer for employees, it has also opened the door for new, more sophisticated cyberthreats and other online attacks, and it’s been reported that the number of potential targets for cyber criminals has increased exponentially.
Many companies that provide data management solutions are helping their clients ward off such problems. And they’re not alone.
“Microsoft’s recent Digital Defense Report finds that threat actors have significantly increased the sophistication of their methods over the past year, making them harder to spot as they threaten even the most well-protected targets,” writes Kevin Peesker, president of Microsoft Canada.
According to Peesker, Microsoft scans eight trillion signals per day. Last year the company blocked more than “13 billion malicious and suspicious mails. out of which more than one billion were to launch phishing credential attacks.”
Peesker goes on to note that now, “we’re seeing attackers use new reconnaissance techniques to increase their chances of compromising high-value targets. In fact, one-third of Canadian businesses say they’ve been targeted by a COVID-19-related cyberattack, according to a 2020 survey by Canadian Internet Registration Authority (CIRA).
Risk management to combat data breaches has never been more important. To mitigate the risk of future problems, companies need to be confident that their processes and those of the companies with which they interact are safeguarding data. To this end, establishing and following specific policies and procedures that govern data use, sharing and storing can help.
Many IT experts recommend providing security education and communicating best practices to employees. “Risk management efforts are often hampered by things that have little to do with IT, Software defined Perimeter or patching vulnerabilities,” writes Chris Bruce at securityboulevard.com. For example, he writes, employees who use generic passwords across many accounts expose the organization to the risk of attack and make it easier for malicious actors to gain access.”
According to Bruce, employees “also must be properly educated about the potential risks of their behavior; for example, regularly reiterating that links coming from a stranger—which increasingly appear to be legit—could well be from a hacker, so it is important to verify the source before sharing personal information.”
Employees can’t do it alone, however, especially in the Internet of Things (IoT) environment in which so many people are now working. When you consider that a relatively few number of smart device manufacturers currently embed even the most basic cybersecurity safeguards in their products, protecting IoT devices and the data stored within them must be a top priority.
“Unfortunately, many companies are getting it wrong with simple mistakes, such as having no centralized function to manage all of their devices,” writes Gorav Arora, Director of Technology, CTO Office, Cloud Protection and Licensing at Thales. “There is also a risk, as we digitally evolve the workplace and bring these devices in, that IT security teams may not be truly aware of the threats and risks.”
There are several things IT departments can do to address these risks. They include watching for unusual traffic patterns and data as well as isolating IoT devices to a specific part of the network. They can also invest in devices that provide such security safeguards as encryption, multi-factor authentication and key management.
If these measures aren’t in place, or if they don’t have the level of knowledge needed to accomplish it, one solution is to partner with a company that does the knowledge and expertise to do this.
There are numerous security companies that are helping clients safely store and manage their data. For example, FutureVault, led by G. Scott Paterson and others, helps companies address their data security challenges by providing a powerful white label SaaS solution to acquire, reward & retain their clients, members and employees while enhancing their ability to manage key client segments and digitally deposit, store, and manage their information through a highly-structured, instructive interface across multiple entities.
Beyond these measures, many IT experts advise company administrators to invest in education for their employees. This includes teaching them about how to avoid security risks and the vulnerabilities created when working from home or other remote locations using their own personal computers and mobile devices. Although the pandemic has in many ways dramatically changed how companies operate, tech professionals agree that being proactive can go a long way in maintaining a significant level of security.