COVID-19 has changed the way companies handle data security
According to data classification company Titus, the rise in remote working under COVID-19 has delivered far-reaching changes in how we do business, with significant implications for CISOs, compliance, and data governance officers.
It says that with high demands for accessibility, bandwidth, and data volumes under the pandemic, there is a challenge in keeping data safe, while allowing for access and usability to multiple user groups.
As data from multiple and often external sources continues to grow, difficulties around data management, control, and protection are a concerning factor for business.
“The forward-thinking companies, with technology development strategies already in place, were able to quickly adapt under the pandemic and act on the clear business opportunity to reinvent data protection and flexible user access,” says Titus data classification specialist, Adam Strange.
“The organisations that maintained a fixed mindset on data protection are today finding it more difficult to recover and harder to provide their users with the tools required to do their jobs safely.”
The expectation, states Titus, is that post-pandemic remote working will almost double from pre-pandemic levels, maintaining a centrally driven data governance strategy that will prioritise data security and regulatory requirements, while ensuring appropriate and safe access to information, whenever and wherever needed.
Strange says businesses must take the lessons learnt during the pandemic and expand past short-term security compromises, to future proof solutions that are technology and user focused, such as adapting data protection for new workplace environments.
He believes it likely that in a post-pandemic environment, employees will split their working hours between the home and office permanently. This means that organisations should look at the impact of high-volume remote working and how that might affect existing security controls.
Strange goes on to say that businesses that adapt well to a post-pandemic era will likely use automation, digital access technologies and the cloud to improve and create more efficient operations.
“Automation will help improve processing efficiency and reduce the burden on frontline security and data management staff,” he says.
“This will drive integration and automation as quickly as possible. Data classification tools will not only help organisations to protect their data by applying appropriate security labels but will also help educate users to understand how to treat different types of data with different levels of classification and sensitivity.”
According to Titus, businesses must apply and enforce PII data protection rules to safeguard personal data. Data leaders must be able to identify it, classify its sensitivity and level of threat if it was lost in any way, and apply usage policies and appropriate protection.
It says establishing a PII culture must be gradual and based on buy-in and defined responsibilities that are recognised and accepted from the top down.
According to the company, employees play a vital role in ensuring that a business maintains strong data privacy, and the ability to work with stakeholders and users to understand data protection requirements and policies is key.
It says security and data protection education should be conducted company-wide and must exist at a level that is workable and sustainable.
“Regular security awareness training and company-wide inclusive security culture within the firm will ensure that data security becomes a part of everyday working practice, embedded into all actions and the very heart of the business,” says Strange.
“A robust data protection protocol is critical for all organisations, and will particularly be the case as we move beyond COVID-19 into the new normal. Delivering optimal operational efficiencies, data management and data classification provision under post-pandemic budget constraints will be an ongoing business-critical challenge,” he explains.
“Data leaders must be selective and identify the combination of technologies, processes, and people investments that will deliver the greatest security controls to meet new productivity targets, to extend and support remote-working strategies and adequately support the ever-increasing volumes of data, now and into the future.”