Data is the most important asset any business has, and they have long been aware of the importance of keeping it safe. Even before everything was connected, diligent employees backed up hard drives and filled CD-Rs with crucial data. Rightly so – keeping multiple copies remains a core tenet of data safety. But when internet connectivity became commonplace, the focus shifted from data integrity to data security. Data stored in the wrong place or left open to outside access could now very easily fall into the wrong hands without a disk going missing – or even, perhaps, any evidence of a breach at all.
As we have moved towards a reliance on cloud storage, more and more data has become readily accessible to those determined to access it. Ransomware, in its various forms, makes data breaches a profitable and subsequently more common occurrence – all while rules and regulations surrounding data management have evolved to make such a breach significantly more damaging to the reputation and finances of an organization.
New challenges for data
It’s arguable that the transition to the cloud was only a midpoint. We have now reached an explosion of connected data. Propelled by the pandemic, hybrid and remote working has become not just an outlier but the norm for many. 40% of British adults work from home at least once per week, and a third of those performing hybrid or remote work would rather resign than return to the office full-time. Remote job postings may be dropping, but out-of-office work is not going anywhere.
Remote employees may be tempted to use personal devices for work purposes, negating any protections which have been applied to certified hardware. They may become relaxed with their attitudes to data storage, leaving sensitive documents on unencrypted and unmonitored drives. They may work on unsecured networks in places where their passwords could be shoulder-surfed, lose critical devices and data while travelling to and from the office, or become so relaxed at home that they may more readily fall for phishing scams.
John Michael is CEO at iStorage.
An intimidating future
The explosion of remote work during the pandemic was an unsurprising boon for attackers. The National Cyber Security Centre reported a 15-fold rise in the number of online scams that it removed in 2022, because hackers know that remote employees have the potential to be more vulnerable to attack, and that such attacks may be more difficult to detect from afar. As remote working continues to be commonplace, such threats – and the vectors they can use to infiltrate – are likely to evolve.
Advancements in AI tech will make phishing more convincing, resulting not only in realistic, hard-to-spot email scams, but in voice and video models which more readily trick employees into believing they are speaking to a trusted colleague. AI or not, hackers’ tactics will become more cunning and far more advanced. And it is imperative that we stay ahead of the threats presented by new technologies.
Working practices may soon switch to embrace VR or the metaverse, for example. Identifying a compromised account or a bad actor posing as a colleague in the metaverse is likely to be far more difficult if every participant in a meeting is shrouded behind an avatar – and it’s hard to argue that the exciting, avant-garde nature of the metaverse will not cause workers to let their guard down.
The importance of readiness
The threat of the metaverse may be looming, but nothing, fundamentally, has changed. For all these new challenges, the core tenets of good data management – keeping reliable backups, obfuscating data to prevent it being accessed by third parties and always following best practice – remain the strongest defense. Creating a solid work culture focused on cybersecurity hygiene is the best way to ensure that tomorrow’s threats are easy to manage, even as the way we connect remotely or the threats themselves evolve.
One thing follows another. Installing rigid processes and regular training reminds employees of the potential impact that their actions could have, and helps embed best practice. Building a culture of trust ensures that standards do not slip and helps to inform the kind of security measures that will be required even if employees manage to be meticulously diligent. Well-considered data policies reduce the risk of costly breaches and reveal, without question, that employees need secure, encrypted storage to conduct their duties safely.
The benefits of encryption are clear. It keeps data private, even if workers use file transfer services to share large files over public networks. Sufficiently secured data renders an intercepted email, a breached cloud drive, an insecure network and even an undetected phishing attempt completely useless to an attacker. An encrypted backup is one with inherent integrity, not only securing against data loss but against infiltration or theft. And for remote employees’ local storage, an encrypted drive makes it confidential by design: the contents of such a drive simply cannot be accessed without the proper credentials.
Encryption helps to stay in line with legislative demands on data storage, and vastly reduces the risk of a data breach. Some storage options even enhance the potential strength of one’s security policies. Encryption locked behind two-factor authentication neutralizes leaked passwords. Storage which can be administered remotely can be geofenced to prevent its use outside of an employee’s agreed range, wiped from a distance, or locked permanently if it is lost or an employee has left the organization.
There’s no sense in waiting for tomorrow’s challenges to reveal themselves, because we know their solution today. 256-bit AES encryption is considered quantum resistant; to break it with brute force would take today’s computers longer than the universe is expected to last, and we know that even tomorrow’s quantum computers will require an incredible level of development to even come close. Encrypted data is safer data – with the right policies surrounding it, your organization will be as protected as it can be.