Cybersecurity After Coronavirus: Best Practices for a Better Defense of Data

The COVID-19 pandemic changed life in ways that could have never been foreseen. When social distancing directives were first given, many believed these to be temporary and felt that their impact on business would be minimal.

As the days turned into weeks and weeks turned into months, it became clear that business practices would need to be altered. The resulting new economic reality changed how businesses marketed themselves, interacted with their customers, and interacted with their employees. It forced businesses to reevaluate their technology infrastructure and the cybersecurity measures they had in place.

The Emphasis on Cybersecurity Is Not New

Cybersecurity has always been important for businesses. The last thing any organization wants is for their name to be linked with a major security breach that puts their personal information and the information of their clients at risk. With the Cybersecurity Ventures report stating that cybercrime costs will hit $6 trillion annually by 2021, you can’t go cheap on your company’s cybersecurity. Therefore, things like securing your devices by using VPN solutions with strong encryption, strong passwords, and other cybersecurity measures must finally be taken seriously.

However, most businesses were not prepared to have most of their workforce working remotely. Many organizations had an e-commerce footprint. Now, post COVID-19, e-commerce has become the primary way they are selling their product or service.

All of these changes have led to companies needing to implement new IT capabilities on the fly. As with anything that is rushed, these ad hoc IT capabilities have bypassed normal development, approval, and deployment processes. As a result, existing cybersecurity policies have either been stretched to their limits or completely violated.

Cyber criminals have been looking for ways to take advantage of weaknesses caused by the sudden shift in employees, students, and buying practices around the world. In some ways, cyber criminals have proven themselves to be more adept at reacting to this pandemic than organizations looking to keep themselves, their customers, and their employees safe.

A Glimpse at Cybersecurity Post COVID-19

A post COVID-19 world seems to be one where adaptability, flexibility, and agile thinking will be the keys to cybersecurity success. As the number of COVID-19 cases rise and fall, social distancing measures fluctuate. Organizations may need to change the way they interact with their employees and customers based on whatever is considered normal at the time.

This means that IT and cybersecurity are going to be driven in part by the pandemic. Organizations will need to constantly evaluate their cybersecurity response and make strategic adjustments in business processes, cybersecurity controls, and enterprise architectures with the goal of achieving long-term cybersecurity strategies.

If the weekly news of cybersecurity breaches has taught us anything, it’s that even in the best of times there is a disconnect between most organization’s cybersecurity policies and the actual threats on the ground. Businesses react to the actions of cyber criminals as opposed to preemptively securing their network and environment.

Many are content to put up defenses that protect them from the virus, malware, or phishing scams that affect their competition as long as they can avoid becoming victimized. This reactionary response may have worked okay in the past, but in a post COVID-19 world it is woefully inadequate.

Organizations need to analyze trends in cybersecurity and look at the changes they and other organizations have made to determine which ones should become a permanent part of their cybersecurity response. They will also need to identify which procedures and protocols that were hastily put into place immediately following the announcement of COVID-19 need to be removed.

Any changes that are made need to be viewed from the standpoint of how they can provide protection now and from unforeseen threats. Post COVID-19 cybersecurity must be agile and allow businesses to react to sudden changes while maintaining a secure infrastructure.

Changes in the Work Environment That Are Expected to Become Permanent

Remote Working

The remote work environment is expected to continue to play a prominent role in business even after the pandemic is no longer threatening the world’s health. Businesses can prepare for this by getting sufficient on-demand bandwidth to keep content flowing freely. This is especially important with videoconferencing between employees, clients, and customers who live in a geographically dispersed areas.

Hackers are targeting Internet-based Remote Desktop protocol. This is the system that makes remote access of systems and servers possible. Organizations will need to determine whether its use is justifiable or if it is creating an unnecessary weak point of vulnerability.

The Use of Cloud Services

The expanded use of cloud services is also not expected to change. Several organizations have migrated to cloud services in the past few months. Although they were forced to change in order to respond to the pandemic, they are now benefiting from the efficiency, cost savings, security benefits, and resilience cloud solutions offer. For all of their benefits, though, cloud services require deliberate and strategic management.

This means that organizations need to adopt strategies for which cloud services can be used and how they will be used. They should know what cloud storage services they are using with the goal of minimizing the use of multiple services. This will also require creating clear storage policies and communicating those to all who would have access, including workers, management, clients, and other partners.

Strong Cybersecurity Policies

Cybersecurity policies will need to be frequently reviewed. This would include evaluating the pros and cons of IT capabilities, processes, and architecture. They should consider risk assessment a normal part of doing business. Strong passwords, multi-factor authentication, automatic log out for devices unattended by on-site and remote workers, and single sign-on policies will need to be evaluated.

The goal of all of this is to minimize the chances of becoming a victim of cyber crime. However, if there is a breach, organizations will need to have a strong response plan. They should have contingencies in place that reflect the new realities brought about by the pandemic. If an organization does not have a cyber incident breach response plan, now is the time to make one. Live tests should be performed periodically to evaluate the effectiveness of the breach response and to make adjustments.