By the beginning of Q2 2020, it was becoming very clear to the world’s CIOs that business was about to get weird. By the end of that quarter, IT was in the thick of it, trying to support a suddenly remote workforce, maintain business continuity, and deflect an increase in cyberattacks, all while grappling with the uncertainty of a global health crisis.
With many adults getting vaccinated and businesses beginning to resume somewhat normal operations, we’re starting to see some light at the end of the tunnel. But as we navigate the new normal in business, it is important for CIOs to use the lessons learned in 2020 to drive changes in how they prioritize data protection going forward.
4 Ways COVID-19 Impacted Data Protection
Ransomware has been a growing security threat for several years, but COVID-19 opened the floodgates. Ransomware operators took advantage of distracted employees using less-secure home internet connections to launch pandemic-themed phishing scams and ransomware attacks.
Operators also increased the frequency of their attacks and specifically targeted healthcare and COVID-19 research facilities because of the likelihood they would pay the ransom to avoid a major disruption.
When COVID-19 burst onto the scene, many IT teams were forced to do a complete pivot to support and secure a remote workplace they weren’t prepared for. With inadequate equipment and too few devices to go around, many employees had to access company files and applications using their personal devices, which they often shared with family members.
RDP and VPN were already popular ransomware attack vectors, but with millions of new users connecting from public or unsecured home Wi-Fi, it became even easier for ransomware operators to infiltrate company networks.
Many organizations’ disaster recovery plans got major reality checks when employees were sent home to work practically overnight. Crisis teams had planned for recovery after hurricanes, tornados, power outages, and ransomware attacks. What they hadn’t planned for was how to implement the plan when operations were suddenly 100 percent virtual.
SaaS solutions saved the day for many businesses during COVID-19. But when the bulk of your data, applications, and productivity suddenly rely on a platform like Office 365, data protection shoots to the top of the priority list. Microsoft’s shared responsibility model covers their data centers and delivery of their services, but backup, storage, and disaster recovery are on the user.
5 Post-COVID-19 CIO Data Protection Priorities
In the wake of COVID-19, CIOs need to reprioritize data protection in a way that anticipates the unexpected and prepares for the unthinkable.
Here are five of the main areas where security deficiencies were put in the spotlight due to the pandemic—and how CIOs can amend their data protection strategies to address these deficiencies and future-proof the organization.
Secure Remote Workers
Despite the initial scramble to support a remote workplace, many companies saw value in this model and plan to continue it at least some of the time.
For this model to work in the long term, CIOs and IT teams will need to put safeguards in place. At a minimum, there needs to be an emphasis on enforcing device usage policies, configuring remote desktop access properly, and updating access management processes with strong password policies, Zero Trust initiatives, and multi-factor authentication.
COVID-19 accelerated digital transformation in many organizations, leading to increased reliance on the cloud for data sharing and productivity.
Cloud storage and backups play a large role in this move to the cloud. Cloud service providers offer the necessary data protection for Office 365 applications, the cloud is easily accessible by remote and on-site employees, and IT can store air-gapped backups in the cloud to eliminate the risk of corruption during a cyberattack.
Security Awareness Training
With the frequency of cyberattacks on the rise and more employees working outside the company firewall, CIOs need to make sure employees are well educated on cybersecurity best practices.
The most efficient way to ensure employees get the most out of training is to invest in a security training program that can be customized for your business; offers frequent, fresh content; and includes phishing/ransomware readiness tests that provide data showing where the company’s biggest weaknesses are.
Business Continuity/Disaster Recovery
Post-pandemic CIOs must evolve their business continuity and disaster recovery strategies to enable a fast and seamless conversion to 100 percent virtual operations. To make this feasible, IT must focus on redundancy, flexibility, and automation technology that adapts to rapidly changing scenarios.
AI and Machine Learning
The future of data protection is being driven by artificial intelligence. For the highest levels of data security, CIOs will need to upgrade existing cybersecurity and data protection solutions to ones with intelligent automation that targets responses to specific threats and machine learning that can adapt and detect new and evolving malicious technology.
Data protection in the wake of COVID-19 has to evolve to meet threats where they are.