By Barry Cook – Privacy & Group Data Protection Officer, VFS Global
The COVID-19 outbreak and its consequences have led to radical changes in businesses and the way they interact with other businesses, consumers, investors, and most importantly – employees. With offices having been empty for over a year, and corporations under pressure to stay afloat in these strange times, employees had to adapt to new modes of working almost overnight. The most significant enabler of this new reality is having a robust and layered network of digital infrastructure – which can scale in proportion to the remote working requirements. This has pushed enterprises to restructure critical areas of operation, and work towards aligning business goals with security imperatives.
The last decade or so has witnessed considerable investments into IT security, due to increasing awareness about the role of data privacy and protection in a digital economy. The pandemic has only reaffirmed the importance of this and pushed organizations to rethink their policies and regulations around data. Everything from how data is collected, stored, processed and shared is now being re-evaluated through the lens of decentralized data access and remote working.
To begin with, security teams need to start working in sync with the business to foster a culture of data-resilience. Cyber-security professionals can no longer afford to work in silos, and instead have to work towards establishing data protection as a horizontal embedded into the actual business, and not a secluded IT-driven backend function.
Firstly, enterprises need to establish clear regulations over the new remote working model, while also allowing flexibility for a potential hybrid model (part-time home and office working) in the future. Among other things, this would involve heightened security for emails, multi-factor authentication, robust cloud-security configurations, prompt bug-fixes that could have potential security gaps – essentially, creating an air-tight and robust security infrastructure for a distributed workforce.
In addition to a foundationally secure infrastructure, security teams today need to have a near-zero TAT on detection and resolution for occurrences of cyber-fraud, implementing fixes and alternative controls in real time. Eventually, as security controls are embedded into the business itself, incidents of fraud become easier and faster to detect.
Given how especially vulnerable data centres are right now, given the distributed, less secure access and near-constant threat of malicious actors, there is a greater need to establish alternative, stronger conventions for communication with central servers, secure systems for physical backups in case of failures at main-servers, etc. In short, security practices need to be centred around a zero-trust policy coupled with vigorous identification protocols, in order to establish both security and confidence within the organization, while working over unfamiliar networks.
As we make a potentially long-term switch to remote or hybrid working, and work behaviour evolves, the emphasis on data security needs to be reiterated with increasing frequency. A multi-layered security system that not only protects the enterprise from the background but is also entwined with the fabric of the business is the need of the hour. The hope remains that these security protocols will soon become a norm, and not a novelty.