Give your data protection processes a COVID-19 health check
by Sheena Chin, MD, ASEAN, Cohesity
As employees continue to work from home at an unprecedented scale, how can corporate IT teams navigate unforeseen data protection challenges?
COVID-19 continues to dramatically affect everyday life and the global economy. As the uncertainty of the virus impacts workers in countries around the world, including Singapore, many businesses are still determining the best way to enable remote operations for vast numbers of employees and for longer periods of time. This is absolutely the case for the IT community.
Weeks ago, employees left the office with corporate data and assets, and IT teams had precious little time to prepare. Ideally, business continuity plans have been initiated, but they may not account for the current situation. For IT leaders, this situation has for some time been straining IT resources that must stay on top of a highly distributed workforce. Keeping productivity high and eliminating IT-led outages remain important priorities. IT leaders also need to ensure that data remains accessible and as secure as if employees were on-site within the corporate firewall.
To overcome avoidable mistakes during this unusual time, IT departments should evaluate whether the following steps have been implemented to ensure the health and security of business data.
Update IT policies and use tools for alerts about unusual activities
The influx of employees working at home increases the attack surface of organisations and raises their threat profile. Since February, security researchers have seen a spike in attacks. IT leaders should take this time to re-evaluate and update IT policies to support a remote workforce. To counter these threats, IT teams can also use tools at the organisation's disposal to set up alerts about unusual activities, such as permission changes, increases in storage volume, and high volumes of data being moved. Mobile apps from the vendors of these tools can also make it easy to spot issues before they arise.
Share information with employees
Right now, when many are stressed and distracted, employees are more likely to fall for phishing scams. Thousands of new domains and sites are being set up each day to host phishing attacks and lure unsuspecting victims into clicking links that download malware. IT teams should send employees a list of valid URLs for their reference, or use whitelists for any client-based content monitors. The more knowledge employees have, the lower the chance of them becoming a target.
Let employees know how the IT department will reach out
If you haven’t already done so, tell employees all the ways the IT department may contact them, including the official channels that will be used (e.g. a helpdesk system, content manager, specified email addresses or messaging systems such as Slack and Microsoft Teams).
It is common for malicious agents to try social engineering in these times by calling executive assistants, claiming to be IT and attempting to obtain password information under the guise of needing to reset executives’ passwords, for example. These acts could compromise the entire infrastructure.
Think about where you keep your backups
It is common industry advice to adopt the 3-2-1 rule when it comes to backups: keep at least three copies of your data, namely the original production copy and two backups. The two backups should be on at least two different types of media, with at least one backup offsite or in an immutable state (e.g. on a local disk and in the cloud).
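The rule as stated above can be checked mechanically against a backup inventory. The Python below is an added example, not code from the article or from Cohesity; the `Copy` fields, media labels and sample inventories are constructed for illustration.

```python
from dataclasses import dataclass

ROLES = {"production", "backup"}

@dataclass(frozen=True)
class Copy:
    name: str
    role: str               # "production" or "backup" (assumed labels)
    media: str              # free-text media type, e.g. "local-disk", "cloud"
    offsite: bool = False
    immutable: bool = False

def check_3_2_1(copies):
    """Return the list of 3-2-1 violations; an empty list means the set passes."""
    for c in copies:
        if c.role not in ROLES:
            raise ValueError(f"{c.name}: unknown role {c.role!r}")
    problems = []
    backups = [c for c in copies if c.role == "backup"]
    # 3: the production copy plus at least two backups
    if not any(c.role == "production" for c in copies):
        problems.append("no production copy listed")
    if len(backups) < 2:
        problems.append(f"need at least 2 backups, found {len(backups)}")
    # 2: the backups must span at least two media types; normalise the label
    # so "Local-Disk " and "local-disk" are not counted as different media
    media = {c.media.strip().lower() for c in backups}
    if len(media) < 2:
        problems.append(f"backups use {len(media)} media type(s), need at least 2")
    # 1: at least one backup offsite or immutable
    if not any(c.offsite or c.immutable for c in backups):
        problems.append("no backup is offsite or immutable")
    return problems

# Constructed sample inventories
GOOD = [
    Copy("fileserver", "production", "local-disk"),
    Copy("nas-nightly", "backup", "local-disk"),
    Copy("cloud-weekly", "backup", "cloud", offsite=True),
]
ONSITE_ONLY = [
    Copy("fileserver", "production", "local-disk"),
    Copy("nas-nightly", "backup", "local-disk"),
    Copy("usb-weekly", "backup", "Local-Disk "),
]

if __name__ == "__main__":
    for label, inv in (("GOOD", GOOD), ("ONSITE_ONLY", ONSITE_ONLY)):
        print(label, check_3_2_1(inv) or "passes 3-2-1")
```

The second inventory fails twice: both backups sit on the same media type once labels are normalised, and neither is offsite or immutable.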
Educate employees about how to conduct backups locally
If employees have the ability to restore their computer in the event of issues, it is critical they understand the importance of backing up their data properly, and what to do in the event of an issue. Communicate with them about how to conduct a backup, where to store files and when backups should take place to minimise negative effects on their live environments. It is also a good time to reshare the organisation's backup policy, so everyone knows what happens in the event of a major issue.