Rise of data security in the new remote work model

As organizations are now widely adapting to the new reality that is remote working, a new connected world has emerged at a pace faster than anticipated. It’s a world embracing digital transformation across every walk of life and business. And while the movement of people is restricted, the movement of data needs to be more streamlined, which is driving the need for efficient data management policies.

While majority of the enterprises are equipped to use smart devices and Wi-Fi at home for remote access, Work from Home was occasional and didn’t pose a great threat to compromising an organization’s cyber security. However, under the present circumstances, with almost all the employees now working from home it is critical for organizations to outline a robust cyber security strategy to safeguard their data and IP.

Various cyber security experts have pointed out the internet bandwidth issues regarding the domestic Wi-Fi networks due to the increased migration of organizational data to personal networks and devices. Furthermore, since home networks aren’t as secure as their corporate counterparts, every time an employee gains access to their office network remotely, they unintentionally create vulnerabilities for cybercriminals to exploit.

Most of the employees are using their personal computers and smart phones to host virtual meetings, wherein critical data is shared. However, these devices aren’t equipped with proper security tools and antivirus, which can further increase the risk of potential malware injection both on personal devices and corporate servers/cloud. This is especially the case with small scale companies which lack the required infrastructure, devices or security support and cannot assist their employees working remotely. The challenge for them is figure out a way to keep their business connected and secured.

The concerns around secured exchange of information are growing as enterprises deal with challenges pertaining to hardware, safe network, data encryption and virtual access to confidential information. These critical challenges are driving CTOs and CIOs globally to embrace digitalization and to make sure that not only their remote working capabilities are robust and secure, but also forward looking.

Precautionary measures to protect the data
Organizations should start training the workforce across the value chain on the basics of cyber security such as identifying and using a router with embedded hardware security at their homes. They should test for a secure remote infrastructure to ensure that they can support the expected increase in remote access. They should implement Virtual Private Networks (VPNs) that can bypass geographic restrictions and are unaffected by intercepts.

The extended VPN across a public network offers employees virtual access to the company’s assets. VPN technology provides safe paths to information not only to newly-remote employees, but also to people in places with restricted access to sources of objective data. According to a report by ExpressVPN, India witnessed a growth of 15% in VPN usage since end-February. VPN usage has been in great demand since last few months and the usage is expected to rise.

Here are 3 tips for protecting your data:

* Use Secure Encrypted Drives (SEDs) to encrypt user data and lock data during transport
* Utilize AES 256 encryption (ISO/IEC 18033-3) and hard drives that are Common Criteria certified. (ISO/IEC 15408)
* Practice end-of-life data erasure on devices.

In today’s business environment, data creates value and is a vital business asset that needs protection, round the clock. That is why security analysts recommend a complete range of solutions that include both software and hardware-based encryption. Along with instant access and maximum storage performance, comes the realisation that encrypting every bit of your business data is the only viable solution to counter cyber security threats.

As the industry is migrating to the cloud, it is critical for organizations to ensure that the customers can avail the highest level of encryption possible — encryption that complies with the strictest government standards. Such security is possible only through an authentic, protected and proven technology solution.

Most vulnerable data
As per IDC’s white paper on the Data Age, by 2025, almost 90 percent of data created in the global datasphere will require data security of some level. Most of the data in the form of medical records, corporate financial information or PII (Personally Identifiable Information) already has hard security requirements.

However, soft data generated at endpoints such as smart phone photos, digital video streaming, public website content, and open source data, is not adequately secured with hard settings, at present. Here are 5 categories of data which would grow in terms of security requirements:

Lockdown: Information requiring the highest security, such as financial transactions, personnel files, medical records, and military intelligence

Confidential: Information that the originator wants to protect, such as trade secrets, customer lists, and confidential memos

Custodial: Account information that, if breached, could lead to or aid in identity theft

Compliance-driven: Information such as emails that might be discoverable in litigation or subject to a retention rule

Private: Information such as an email address on a YouTube upload.

The gap between unsecured data versus data that should be protected illustrates a pressing issue – there is an increasing need for security, and the technologies, systems, and processes to provide it.

Cyber-hardening protocols
Data is exposed to threats even when at rest. To safeguard this data, cyber-hardening protocols for hard drives and SSDs are two of the most reliable technology solutions. Software encryption, pseudonymization, hardware encryption and secure erase are the most effective mechanisms to secure data.

Self-encrypting drives are an especially attractive option because if a breach occurs, a company does not have to publicly report the incident as the data would be encrypted, according to GDPR. This can save customers thousands of dollars in crisis communications and reputation damage. This is the time for integrators and IT professionals to be well trained, equipped with surveillance data security measures, and deploy best practices to protect organizations from cyber vulnerabilities.

Sameer Bhatia

The author is Director of Asia Pacific Consumer Business Group and Country Manager for SAARC & India, Seagate Technology.

Leave a Reply

Your email address will not be published. Required fields are marked *