One of the key things that determines the success of a business is its ability to weather a crisis. In that sense, 2020 has been a test like no other. Organizations around the world have had to adapt to rapidly changing circumstances brought about by the COVID-19 pandemic.
We’re now living in a time where the terms “social distancing” and “lockdown” don’t sound preposterous and require zero explanation. Over the past few months, nonessential businesses around the world have had to shut down their offices, and employees have had to work from home. While we’ve seen the steady easing of some of those restrictions, I believe the impact of this pandemic will be felt for several years.
Working remotely, at least for some, has become the new normal. Most businesses have already gotten over the initial hurdle of chatting on Slack or dialing into Zoom or Microsoft Teams meetings. But what about the tougher enterprise-wide challenges? What is next in terms of data privacy and infrastructure security post-COVID-19?
Cybersecurity: An Invisible Threat
The recent crisis has been a time of concern and anxiety for most of us. But for others, it has been a time of opportunity. Cybercriminals are opportunists who will gladly take advantage of a situation to disrupt an organization, steal its passwords or compromise its data. In March, a global cyberattack targeted people looking for graphics that illustrated the spread of COVID-19.
In April, Cognizant, a global IT solutions company, had to email its clients to inform them that their data had been compromised. Hackers from the cybercriminal group Maze are thought to have deployed their ChaCha ransomware long before anybody noticed, and they stole data and administrator credentials for weeks. This particular ransomware would encrypt data on Windows machines and demand payment before giving access back to the user. It would also copy files and threaten to publish them or sell to the highest bidder.
Ransomware is particularly dangerous when working remotely because it can take advantage of individual users when they’re on their own. During prolonged periods of crisis, people are also more prone to mistakes and misjudgments. Combine this with the technical challenge of securing a workforce that’s spread far and wide, and you have a real challenge on your hands.
Building Better Security Habits
Ransomware, phishing scams and even plain old viruses all share a familiar trait: They’re mostly dependent on human users taking a specific action in order to initiate a breach. All it takes is an inadvertent click on a malicious link, the download of a seemingly normal file or entering log-in credentials on a web page that looks no different than what you’re used to. These breach attempts can be thwarted by educating your workforce and building better security habits.
A phishing scam can be recognized immediately if the sender’s email address doesn’t match the one you have on record for that individual. In most browsers, you can now hover over a hyperlink to get a preview of the URL it leads to. Instead of sending large attachments via email, making them vulnerable to interception, it’s better to use a shared file system. It’s also good practice to use a dedicated channel to chat on such as Slack, Teams or Skype for Business rather than juggling WhatsApp, SMS texts or Messenger. This has the added benefit of keeping work communications separate from personal ones — another good habit to get into when it comes to remote working.
These habits may already be ingrained in your workforce. If so, then well done! But there are thousands of large-scale organizations out there with hundreds or thousands of employees who have had to adapt to working from home with no prior advice or training on what good security habits are. Outside of revamping your security infrastructure, education is the single best initiative you can undertake to ensure your business stays safe during a crisis.
Secure And Consolidate Data Infrastructure To Make Agile Decisions
In many businesses, VPNs were already standard day-to-day tools employed for remote work. As this crisis evolved, use of VPNs inevitably skyrocketed. That’s a fairly inevitable consequence of the situation. A slightly more subtle version of data infrastructure is the access to real-time decision-making information. While business leaders previously may have relied upon face-to-face updates, that is now less realistic, unless you really want to spend your entire day on update video calls. The need for real-time digital information is as critical as ever. Thankfully, the tools available for decision-making and remote management of a business have been evolving for years.
The major challenge that most businesses still have, however, is not having the right data at the right time. It’s not the lack of tools; rather, it’s more a lack of data engineering or “data plumbing” skills to get the data from various sources to a consolidated dashboard where it can be used to make meaningful decisions quickly. It is sadly still a dream for many business leaders to have all the information they need for sensible decision-making at their fingertips. This is not a short-term problem, but it is one that will be felt more acutely in these times. The only way to address this is by defining what you need, understanding its contextual use and then implementing the dashboard. It may take time and it may take more thought than you really want to dedicate to it, but the long-term payoff is worth it.
2020 has posed an unprecedented challenge for businesses. While some may have fallen, those that come out of the other side are likely to emerge stronger. Much like the cybercriminals that see these uncertain times as an opportunity to cause havoc, perhaps businesses could also view the pandemic as an opportunity to steel themselves and build a more resilient, futureproof way of working.