Data security considerations for the new normal
The global pandemic has thrust us into an era of increased digital mobility, remote work and education. It’s encouraged so many businesses to take the leap towards the cloud or to spin up virtual desktops and VPN access to ensure business continuity. In addition, we’ve seen huge spikes in content streaming and bandwidth challenges across telecommunications networks – all of which places data centres at the forefront of this heightened digital world.
With increased data use, the volume of malicious actors seeking to infiltrate company systems has also risen — the recent Twitter hacks show that anyone can be at risk. Since March, companies have rushed to get all but the most essential employees working remotely, but it’s likely that in doing so, some security issues may have been overlooked.
Now that most organisations have dealt with the logistical challenges of getting everyone up and running at home, it’s a good time to check that no critical security corners were cut in the process. As we look to this next period, it’s also important to consider what cyber and physical data centre security protocols will look like in the new normal – as we bed down a more flexible approach to working and an increased reliance on data for the foreseeable future.
Did you cross the t’s and dot the i’s as WFH became a fast reality?
The pandemic response was varied. Some organisations scrambled to move staff to a work from home (WFH) model and others were better prepared. Either way there has been an accelerated move toward cloud and undoubtedly some shortcuts taken. The question for some was whether these risks were quickly mitigated or whether there are any lingering gaps in security protocol. In one instance, a 30,000-strong workforce was moved to a WFH model and whilst there was an in-office capability to use two-factor authentication to protect their data, there were not enough licenses (by far) across the organisation for individual at home use, nor were they readily available to purchase and implement at a pinch. So, this important measure was temporarily scrapped to prioritise the health of their workforce.
Maintaining security from home
Other business have come unstuck when trying to implement what are normally regular security measures. As the office and home merged, and businesses worked to ensure that physical security risks were navigated as smoothly as they could, there was also a merging of office hours with home life. Parents who would normally do a 9-5 day were suddenly working early mornings and evenings, or into the night, to ensure they could also support their kids’ remote education. Consequently, simple security activities like patching and backing up data, weren’t completed as there were unexpectedly users on devices 24/7. Five months into the pandemic, organisations are now managing situations like this better using clear scheduling, preparedness and communication protocols.
A national callout and the simple measures you can take
The heightened security risks that we’re seeing as a result of such dramatic work and home lifestyle shifts are so great that the Prime Minister and the Australian Cyber Security Centre (ACSC) issued warnings to business to be more aware and monitor cyber activity to protect data. In Australia, cyber actors are using copy/paste threats from years gone by to attack data centres and cloud providers.
This is not new news if you’re on course with your security risk mitigation, however many businesses are not. The reason cyber actors are able to reuse old tricks is because organisations do not, or have not followed basic cyber hygiene. This is where they can come unstuck, which we have seen already in the Toll Group, Lion Nathan and this week with Garmin, who had a huge internal cyber breach that has heavily impacted their customers’ ability to access their data and use their devices.
Protecting your data centre
Protecting data and devices at the individual level is one factor, but organisations also need to be aware of the broader environment in which their information is stored, especially with more devices connecting to their systems than ever before.
The simple security hygiene measures that companies should be aware of, practicing, and/or asking of their data centre providers include, at a basic level; patching; backing up backups, improving phishing awareness among staff, upgrading VPN capacity, protecting endpoint devices, and disaster recovery planning. Managing data centre security (both physical and cyber) is changing, with a greater ability for technicians to provide remote support. On-site features like multi-factor authentication, 100% uptime and backup systems have also increased in use across this period.
If you’re unsure whether your data and data centre security practices are up to par, a colocation provider like Macquarie Data Centres can provide this counsel. Partnering with a provider that has stringent security protocols is one of the best ways to support your employees and customers, now and into the future. To give our own customers a level of confidence that we practice what we preach, we ensure our claims are audited and certified based on evidence. As a trusted partner of the Australian Federal Government and global Fortune 500 companies, it’s critical to demonstrate our ability for IT security and good governance. Supported by over 100 NV1 federal government trained and certified engineers, we’re one of the world’s most certified data centre providers. Want true peace of mind in this new normal? Contact us today.