Gartner Blog Network


Two Challenges for Data Security during COVID-19

by Mike Wonham  |  April 2, 2020  |  Submit a Comment

Data Security is seen by some as being the core reason for having security – especially for organisations who consider their data assets and how they process them as being how they make their money. Many organisations also look for compliance to privacy regulations as the relevant legislation continues to proliferate throughout the globe. COVID-19 is highlighting weaknesses in data security strategies but time and money does not support big changes.

A simplistic view of the problem is that data security is trying to maintain CIA, which combined also make up Privacy. There are many tools and approaches out there, including data governance, access control, classification, encryption and DLP. With these are many other tools – remember, your whole security architecture is to some degree oriented to achieving data security.

Your data security strategy will be addressing many threats.  But in this time of COVID-19 we are seeing massive (400%+ related to COVID-19) uplift in is social engineering attacks, whether through text, email, physical knock-on-the-door or something else. Phishing, and any of its derivatives, remains the leading initial stage of attack on a company.

You need to:

1) Stop data being leaked so that it can be used to fool people.
2) Stop people being fooled so that they can inadvertently allow data to be compromised

What can you do?

Defending your users by tools, education, and direct support is crucial. Phishers continue to become better, and the opportunity that COVID-19 gives them is huge and threatens to overcome your tools. Spend time with your anti-phishing toolset and processes to make sure they’re running well and keeping up with the threat.

Help your users. Now is the time to educate and support them, especially as they work from home and are facing unprecedented concerns. Keep communicating with them and reminding them about the threat against both their personal and professional lives.

Now is also the right time to revisit your existing data security controls, especially with work from home changes you’re undoubtedly seeing. Some basics that will help:

  • Have all your line managers perform an emergency access review to all your critical and regulated data.
  • Have your IAM teams double check employment status and get those unused accounts cleared out.
  • In these times of furlough and (sadly) layoffs, get your HR team to communicate employment changes promptly to the IAM team.
  • Make sure your AV systems are up to date, and especially focus on the user endpoint.
  • Double check your endpoint encryption coverage.
  • Double down on other existing data focused tools if you have them.

These will help protect your data from users inadvertent mistakes. It’s not a full list by any means. Gartner has published many documents on COVID-19 strategies. We also have much guidance on DLP, classification, encryption and all the other data security tools that are available.

First and foremost, however – stay safe. Nothing is more important than you, your family and colleagues. Our best wishes to you all in these troubling times.

 

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: security-of-applications-and-data-for-technical-professionals  

Mike Wonham
Sr Director Analyst I
3 years at Gartner
22 years IT Industry

Mike Wonham works in GTP Security, Identity and Risk, focusing on data security, classification, DLP, risk process and measurement, security governance and programs and security metrics. Read Full Bio




Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.