In the wake of an unprecedented pandemic, the year 2020 has seen organisations across the Middle East take drastic measures to protect their employees from COVID-19. By enabling remote working, an initiative recommended by experts, including the World Health Organisation, businesses in the UAE adapted swiftly to safeguard employees and the public against catching the virus.
For many companies in the region, and particularly the UAE, remote working has since become something of a ‘new normal’. Having proven successful thus far, this new work environment has shown immense potential for improved business efficiencies as well as a better work-life balance for employees in the post COVID-19 era.
This presents an exciting opportunity, and a great leap forward in the digital transformation of the region. Yet, when it comes to company data, employees will have to operate in less controlled surroundings while managing this data from their home offices. That is why it is critical to have a strategy in place that protects company-wide data, as well as preventing potential malware threats. This applies to the post COVID world as much, if not more, than it did when company data was exchanged on site. With employees saving their data to local drives on their laptops or to the public cloud when working remotely, the potential of data protection challenges as well as compliance challenges rise significantly. This can create a huge pool of unstructured data that could be invisible to the business well into the future.
The substantial increase in people working from home has also presented more opportunities for cyber criminals to successfully target workers with phishing e-mails, capitalising on the panic and uncertainty triggered by the COVID-19 crisis. According to recent findings by one AV company, consumers and businesses in the UAE suffered more than 600,000 phishing attacks at the height of the COVID-19 stay-at-home measures. Such attacks frequently end with employees unwittingly infecting company systems with latent or undetected malware upon return to the office, posing a real danger to company data.
Therefore, it is more important than ever for companies to keep their house in check, and have complete visibility on data management, while simultaneously safeguarding data against becoming redundant, obsolete and trivial (ROT). ROT data not only impacts a business’s overall efficiencies, but ultimately affects its bottom line. In the case of remote working, businesses need to systematically audit those systems which are accessible remotely and develop contingency plans for those that aren’t. Systematic auditing also needs to be in place for a business to see where the gaps might be in the event that employees shift the locations to which they save data, and modify policies to close those gaps, if possible, within the timeframes available.
Most importantly, businesses must ensure policies are communicated to, and understood by, all employees in order for them to take heed of the risks associated with storing data to drives that aren’t protected, fail compliance requirements, or even fall victim to malware and ransomware attacks. A company’s protection against any threats to its data is only as strong as its weakest link. Therefore, arming employees with the knowledge they need to practice secure email and browsing habits can prevent many ransomware attacks.
It’s also critical for businesses to have backup copies of their data that they can use in the event that their primary data is attacked. We recommend businesses adopt the “3-2-1 rule”, within which organisations have three copies of their data, two of which are on different storage media and one that is “air-gapped” in an offsite location. With an offsite data backup solution, businesses have the option of simply restoring their data if they are ever locked out of it by criminals exploiting weaknesses in systems.
As we begin to adapt to this ‘new normal’ of remote working, data will increasingly take centre stage. With data growing so incredibly fast in the region, it will require more strategic approaches to smarter management and protection. You can’t protect what you can’t see, and that is why data visibility is intrinsic to data protection. Only through this will companies be able to put the right policies in place in order to reduce the risks associated with growing data, and ultimately safeguard their data for successful business continuity, post COVID-19 and beyond.