Looking back, 2020 will be remembered as the year everything changed. From the way we shop to the way we socialize to the way we work, for most people, no corner of life was left unaltered by the fallout from the COVID-19 pandemic.
For businesses, 2020 ushered in broad-scale changes to the data protection landscape, and we will be grappling with these changes possibly for years.
How the Data Protection Landscape Changed in 2020
When millions of employees went from in-office to working from home practically overnight, IT teams had no time to stand up adequate security infrastructure. With little remote worker endpoint security, unsecured home network connections, remote access vulnerabilities, and widespread usage of personal devices for work, no one was surprised by the surge in data breaches.
As the pandemic wore on, many businesses had to make tough staffing decisions. As a result, there were more than 2.3 million layoffs in 2020, which is a 289 percent increase over 2019.
Mass layoffs create a huge data security risk. If employees aren’t properly offboarded—that is, permissions revoked and accounts disabled—there is a chance data could be deleted or stolen. For example, a disgruntled former employee might decide to go out in a blaze of glory by erasing or corrupting mission-critical files, or a cybercriminal could get access to an unused account and work their way up the network to the good stuff.
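One way to audit for the offboarding gap described above, as an added example that is not part of the original article: it cross-checks an HR termination list against a directory account export and flags accounts that are still enabled, still hold group memberships, or logged in after the termination date. The field names and sample records are constructed for illustration.

```python
from datetime import date

# Constructed sample data: HR termination list (username -> last working day).
TERMINATIONS = {
    "jdoe": date(2020, 4, 17),
    "asmith": date(2020, 5, 1),
    "mlee": date(2020, 6, 30),
}

# Constructed sample directory export; the field names are assumptions.
ACCOUNTS = [
    {"user": "jdoe", "enabled": False, "groups": [], "last_login": date(2020, 4, 16)},
    {"user": "asmith", "enabled": True, "groups": ["finance-rw"], "last_login": date(2020, 5, 9)},
    {"user": "mlee", "enabled": False, "groups": ["vpn-users"], "last_login": date(2020, 6, 29)},
    {"user": "kpatel", "enabled": True, "groups": ["eng"], "last_login": date(2020, 7, 2)},
]


def audit_offboarding(terminations, accounts):
    """Return {user: [findings]} for terminated users whose access lingers."""
    findings = {}
    for acct in accounts:
        left_on = terminations.get(acct["user"])
        if left_on is None:
            continue  # still employed; out of scope for this check
        issues = []
        if acct["enabled"]:
            issues.append("account still enabled")
        if acct["groups"]:
            issues.append("group memberships not revoked: " + ", ".join(acct["groups"]))
        if acct["last_login"] and acct["last_login"] > left_on:
            issues.append(f"login on {acct['last_login']} after termination on {left_on}")
        if issues:
            findings[acct["user"]] = issues
    # Terminated users missing from the export also need follow-up:
    # they may exist in a system the export does not cover.
    known = {a["user"] for a in accounts}
    for user in terminations.keys() - known:
        findings[user] = ["no account record found; verify other systems"]
    return findings


if __name__ == "__main__":
    for user, issues in sorted(audit_offboarding(TERMINATIONS, ACCOUNTS).items()):
        print(user, "->", "; ".join(issues))
```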
Pandemic-Themed Phishing Attacks
Cybercriminals know that 90 percent of data breaches are caused by human error. With most of the world’s workforce extra-distracted by COVID-19, it is even easier to trick users into clicking bad links in pandemic news stories or opening malicious attachments in emails that look like official notices from trusted healthcare organizations.
Compliance and Regulation Changes
Consumers are becoming more and more protective of their personal data every year. GDPR and HIPAA regulations have been around for a while now, but in 2020, more governments and legislative bodies began taking steps to implement new consumer privacy laws and increase compliance regulations at state and national levels.
Navigating Data Protection in the Post-2020 Business Environment
Although it is too soon to call the present day the “post-COVID-19 era,” at least we can say we’re post-2020. And as we move toward whatever comes next for businesses, there are several ways we can maximize data protection in today’s data-driven business environment.
Let the cloud play a central role.
Digital transformation got a jump start in 2020 and, as a result, a lot of companies are turning to the cloud for data protection for their new cloud-based applications as well as their on-premises data and systems. These are a few of the many ways businesses are using the cloud as part of their data protection strategy:
- Data protection as a service (DPaaS) offers a subscription-based solution that helps businesses protect their data and increase network security and recovery abilities. DPaaS is made up of three distinct service areas: backup as a service, disaster recovery as a service, and storage as a service.
- Microsoft’s shared responsibility model makes third-party Office 365 data protection absolutely necessary. Microsoft protects its data centers and applications, but it is up to the user to keep data secure and to ensure they can restore databases and applications after an unplanned disruption.
- Cloud backups are an essential tool for disaster recovery and business continuity. Automated backups ensure the newest data is always available for recovery efforts. In the event of a ransomware attack, file corruption, or deletion, IT can restore data from the point in time just before the disruption.
Improve security infrastructure and policies for remote employees.
As cybercriminals become more savvy, passwords no longer afford the same protection they once did. Today’s businesses are moving away from traditional login credentials and adopting more sophisticated identity and access management best practices, including:
- Least privilege
- Zero trust
- Multi-factor authentication
- Secure remote access
Expect new and more stringent data privacy and protection regulations.
Demand for consumer data privacy and protection is expected to increase over the next few years as more states, regions, and countries implement stringent laws and stiffer penalties for noncompliance.
One key thing to watch in 2021 is the California Privacy Rights Act, which, among other things, increases restrictions on the sale and sharing of consumers’ personal information. It is also important to keep an eye on how the end of the Brexit transition period impacts data protection regulations.
Prepare to battle bigger, badder ransomware strains and tactics.
Security experts are predicting an active year for ransomware operators. We can expect to see an increase in some new and evolving ransomware tactics and technologies, including:
- Double extortion: The ransomware operator steals sensitive data before encrypting the files so they can threaten to sell or expose the data if the ransom isn’t paid.
- Targeting backups: The ransomware seeks out and encrypts backup files that are connected to the network, rendering the backup useless for recovery.
- Delaying encryption: These ransomware strains delay encryption so the code is copied into the backup and corrupts it.
- Shaming and intimidation: Ransomware operators troll the victim on social media or call the business to pressure the company to pay the ransom.
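Delayed encryption changes which backup is safe to restore: the newest snapshot taken before files were encrypted may already contain the dormant payload. As an added example (not from the original article), the function below picks the restore point relative to the earliest known compromise time rather than the encryption time; the snapshot catalog and timestamps are constructed.

```python
from datetime import datetime

# Constructed snapshot catalog (nightly backups), oldest first.
SNAPSHOTS = [
    datetime(2021, 3, 1, 2, 0),
    datetime(2021, 3, 2, 2, 0),
    datetime(2021, 3, 3, 2, 0),
    datetime(2021, 3, 4, 2, 0),
    datetime(2021, 3, 5, 2, 0),
]


def pick_restore_point(snapshots, encrypted_at, first_compromise=None):
    """Choose the newest snapshot that predates the intrusion.

    encrypted_at: when files were encrypted (the visible disruption).
    first_compromise: earliest evidence of the intrusion from forensics,
        or None if unknown. With delayed encryption this can be days
        before encrypted_at.
    Returns (snapshot, suspect), where suspect lists snapshots taken between
    first compromise and encryption, which may carry the dormant payload.
    """
    cutoff = first_compromise if first_compromise is not None else encrypted_at
    if cutoff > encrypted_at:
        raise ValueError("first_compromise cannot be later than encrypted_at")
    clean = [s for s in snapshots if s < cutoff]
    suspect = [s for s in snapshots if cutoff <= s < encrypted_at]
    if not clean:
        return None, suspect  # retention window is shorter than the dwell time
    return max(clean), suspect


if __name__ == "__main__":
    encrypted = datetime(2021, 3, 5, 14, 0)   # constructed incident time
    foothold = datetime(2021, 3, 2, 9, 30)    # constructed forensic finding
    print("naive choice:   ", pick_restore_point(SNAPSHOTS, encrypted)[0])
    point, suspect = pick_restore_point(SNAPSHOTS, encrypted, foothold)
    print("informed choice:", point, "| suspect snapshots:", len(suspect))
```

A `None` result means every retained snapshot postdates the compromise, which is the case for keeping longer retention or an offline copy.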
Make cyber-resilience a focal point of your security strategy.
Whether you’re battling a ransomware attack, cleaning up after a natural disaster, or recovering from a system upgrade gone wrong, overcoming major challenges requires proactively planning for both business resilience and business continuity.
Although business continuity and business resilience sound like they serve the same purpose, it is critical to have a plan for both.
Business continuity is the company strategy for quickly re-establishing critical business operations after a disruption.
Business resilience is all the processes and policies that enable your organization to adapt to a changing environment by anticipating, preparing for, and responding to a disruption so the company can continue to meet business objectives.
In 2020, the world learned a valuable lesson about preparation and overcoming uncertainty. As we move into the next chapter, it is crucial that businesses apply these lessons learned and create new strategies for data protection.