Industries Reopening: What Entrepreneurs Need to Know About the New Cybersecurity Landscape
There is a heightened need to be prepared and protected against cybersecurity threats
Different industries across the globe are preparing to reopen after the months-long lockdown. While for many people the return to normalcy is welcomed, others have concerns about how to safely and successfully operate in the new conditions. In fact, one survey found that 65 per cent of respondents were uneasy about going back to their jobs.
For entrepreneurs, there is a heightened need to be prepared and protected against cybersecurity threats. During the huge online shift that took place during quarantine, hundreds of malware was distributed, collecting personal information and holding corporate data ransom. Even more concerning, some hackers laid the groundwork for the malware months before the virus fully struck, in order to reap the rewards of mass data theft and system attacks.
As COVID-19 subsides, we know that cybersecurity threats are smarter than ever before, and are planned as long-term attacks. Already, more than 50 per cent of companies have said that cyberattacks and data fraud due to the sustained shift in working patterns are the most worrisome risk for their business. In the new normal then, entrepreneurs are responsible for adapting their existing operating models to keep their services secure and effective.
Here's what entrepreneurs need to know about the new cybersecurity landscape.
Heightened concerns over data handling
Data is set to play a crucial role as businesses resume. Contact-tracing apps and platforms are being used to help contain the spread of the virus by monitoring sensitive health and location information from employees, vendors, and customers. In India, New Delhi's contact-tracing app reached 100 million users a mere 41 days after its release.
However, concerns have been raised about the transparency of how personal data is managed in these apps, if it is sold to third-parties, and if it infringes on workers' rights. Especially considering that teleconferencing tool, Zoom, faced heavy criticism earlier this year for its poor privacy protocols, there is now a climate of mistrust around what exactly companies do with users' data.
Similarly, several hospitals and health institutions were targeted for data theft during the peak of the pandemic. Hackers trying to steal electronic medical records devised inventive ways to gain access to official databases, preying on staff who were overwhelmed with the onset of COVID-19. As the businesses start up again and staff are distracted adjusting to novel conditions, these companies could be the next targets.
In response, entrepreneurs that plan to use or launch similar data tools have to be extra vigilant in their legal and regulation compliance. Founders will need to conduct rapid privacy risk assessments, implement controls and develop systems that adhere to privacy law requirements for an extended period of time. Those who fail to prioritize secure data handling and communicate it to customers will struggle to gain trust in markets that are hyper-aware of privacy breaches.
Tools to monitor employee behavior
Human error is the main cause of 95 per cent of cyber security breaches. In the new state of transition, businesses and employees are vulnerable and need clear guidance of how to stay safe online. At the same time, entrepreneurs need to ensure they are reducing employee actions that form gaps in overall security.
Analytics tools for remote staff have become increasingly popular, tracking employee behavior online and using machine-learning to flag dangerous actions. Things like the files accessed, data downloaded, websites visited, and emails opened can all be surveyed by IT administrators or management. Keystroke logging and screenshots can also be utilized to identify at-risk employees.
Unified endpoint management (UEM) solutions have witnessed a boost too. UEM is software that helps businesses organize and control Internet-enabled devices from a single interface. Employee devices can be located at any time, plus historical locations can be retrieved, so to check which Internet connections have been enabled. Likewise, devices that have been compromised can be locked or wiped remotely, preventing further data leaks or threats to the wider network.
Both analytic tools and UEM can help entrepreneurs evaluate their employees' understanding of cybersecurity and high-risk behaviors. In turn, businesses can make smarter decisions about how to train staff and keep up-to-date on the most recent malware.
Prior to COVID-19, the global impact of a pandemic was not included in most companies' business contingency plans. As businesses reopen, entrepreneurs will have to revisit their incident response plans and look at how security threats that have emerged in lockdown can be predicted and thwarted in the future.
Additionally, entrepreneurs will need to conduct regular testing and updates of their security architecture, and integrate real-time capabilities for cybersecurity defenses. One significant takeaway from the past months is that malware has to be dealt with immediately, regardless of whether the correct personnel are in the office to respond.
In general, entrepreneurs will be expected to have more in-depth knowledge of how complex systems work, including the digital business and the cybersecurity health of the entire organization. Gone are the days of IT teams being solely accountable for how companies are protected online and how their defenses function. All staff members will need a moderate grasp of processes, but founders in particular need to be equipped with the details. That's not to say the roles of CIOs and CISOs won't matter—on the contrary, they'll be more important than ever before—but that cybersecurity will have to be a collaborative effort.
Not to mention, during upcoming funding rounds, it's guaranteed that investors will want to know how businesses are staying safe in the post-COVID-19 online landscape.
'An essential component to business survival'
The pressure for companies to digitize quickly and cost-effectively has accelerated awareness of security bugs and privacy-abusing practices for business leaders. Amid the mass influx of online companies, cybersecurity is an essential component to ensure business survival.
Entrepreneurs should review the technology and steps that were put in place during the pandemic and consider how to iterate these moving forward. Ask 'what do we need to protect, what’s the value of what we are trying to protect, and how secure is it for what we’re spending?' Remember, simply preventing malware attacks is no longer a sustainable business model—building a robust strategy to react, block, and learn from attacks is much more effective.