These days, COVID-19-era data breaches are going beyond the standard CEO fraud, hacking, passwords exposed on the dark web, and other hot cybersecurity topics. Unfortunately for too many businesses, the data loss — from theft or otherwise — is getting worse.
This according to several studies published recently, including the Digital Guardian Data Trends Report, which paints an increasingly dire picture for organizations juggling plummeting employee morale, an increasingly heterogenous mix of devices accessing their servers from home networks, and hard-to-monitor employee data security practices.
According to the report, covering financial services, manufacturing, healthcare, and other businesses, employees copied company data to USB drives 123% more than before the pandemic's onset, with 74% of that data marked as "classified." Data egress over email, USB, and cloud services leaped 80%, with more than 50% of that data marked as "classified." Accompanying the spike in data copying is a 62% increase in malicious activity on corporate networks and servers, with a 54% bump in incident-response investigations.
The report states, "in times of economic uncertainty, employees tend to protect what they believe is theirs, and attempt to take sensitive data prior to being possibly laid off. That is the type of behavior our research is indicating and in some cases has proven to be true."
Whether or not the data loss is intentional, the fact that it is occurring at a much higher rate than prior to the WFH move suggests a massive gap between how small businesses are running their cybersecurity defenses when it comes to the additional complexity of the ever widening remote office digital footprint.
In another report, email security company Tessian found 35% of employees take company documents and data with them when they leave a job. Nearly half are less inclined to abide by safe data practices when working from home, despite 91% of IT leaders trusting them to do so.
Data loss also becomes harder to stop when employees work from home, according to 84% of the IT leaders surveyed. In addition, 54% of employees say they find workarounds when security policies prevent them from completing tasks.
This is one of the reasons why data loss prevention (DLP) is now one of the top spending priorities for IT leaders and why email is the threat vector most IT leaders are concerned about protecting. The question is: Do security, compliance, and IT leaders have true visibility over how their employees are handling and mishandling data on email? According to their research - not yet.
Sign of the Times
Of the COVID-19-specific challenges, one of the hardest for organizations to deal with has been the rapidly changing security landscape. There have been a lot of variables thrown into the mix very fast. There are now multiple endpoints connecting to the same network that employees are using to get their work done. It was a tough situation in the 'before' times, but in the COVID-era it's even tougher.
At the core of the coronavirus cybersecurity crisis looms the reality that most organizations didn't truly prepare for an event where all employees would be working from home for an extended period of time. The COVID-19 event has really brought the issue of securing the technology connecting to your network for employees, contractors, and customers to the fore. If you've taken steps to move quickly (to get people working remotely) but not correctly as it relates to your security and protecting your intellectual property, how long does it take you now to get to the baseline of security you had before this all began? We're concerned that most businesses are in very dangerous territory here."
Which, brings us to the all important question - did you setup your staff to work remotely or did you secure your staff while they're working remotely? Two very different sides of the same coin.
If you haven't addressed the security aspect of your staff working from home, now's the time as we're seeing the risk increase while the timeframe continues to extend.
Now, more than ever, this (securing your staff working from home) should be a key component of your approach to managing and securing your business and its critical information.
How tight is your work from home security? Have you addressed this or is it currently a part of your technology plan? Please share your thoughts in the Comment box below or shoot me an email if you'd like to chat about this in more detail.