Data security refers to the process of protecting data from unauthorized access and data corruption throughout its life-cycle. Data security includes data encryption, tokenization, and key management practices that protect data across all applications and platforms. And with the World Wide Coronavirus situation we should explore the following:
The New Security Situation
Data security is going to get harder before it gets easier. The coronavirus crisis impacts organizational security in three ways, one good and two bad:
- Less business travel and fewer meetings temporarily shrink the attack surface. One of the areas of the biggest risk to organizational security is business travel and meetings. These usually involve insecure Wi-Fi networks at airports and hotels, and opportunities for hacking, loss and theft.
- A massive increase in remote workers. Most organizations have already or will soon implement aggressive work-from-home policies for those employees who can do their jobs remotely. Make sure you have the tools and practices in place to monitor all anomalous activity, remote access events and data exfiltration points on employee home systems. Work from home employees will no doubt become ripe targets during the coronavirus crisis.
- Cybercriminals will exploit virus anxiety for social engineering attacks. The headlines are screaming, and the public is nervous. So malicious actors will seize the opportunity. In fact, it’s already happening.
Cybercriminals are seizing the opportunity to exploit nervous victims during the crisis. New coronavirus-related phishing attacks and other social engineering attacks have sprung up overnight.
Managing a Shared Crisis
When we think about enterprise risk management (ERM) — which is the planning ahead part — or enterprise crisis management — the actions you take during a crisis — we assume a unique crisis — something that affects our own organization or region, such as a catastrophic breech, ransomware attack or natural disaster.
What’s different about the coronavirus crisis is that it’s affecting all organizations. Why does that matter? Mainly, it adds additional unpredictability that you may not have accounted for in your ERM planning.
How will pressure on investors affect executive decision-making? How will recession-driven layoffs affect your ability to execute? How will changes or problems among suppliers and the supply chain affect your business. What is the impact among employees and contractors who cannot work remotely?
The essential character of this crisis is: unpredictability.
Here are the absolute minimum steps you and your organization need to take immediately to manage this massively unpredictable crisis:
- Appoint a cross-silo crisis response team that meets daily.
- Monitor government, medical, industry and local sources for updates for the team.
- Implement a communications plan to transparently inform all employees.
- Develop and implement a comprehensive crisis response.
- Develop or update, then communicate and enforce, a remote-work policy.
Your crisis management response must take priority and be tackled immediately.