Data Leak Dimensions in the Post COVID-19 Era

Introduction

COVID-19 has locked the world indoors. However, with most of the employees working from home, sensitive data has left the secured confines of the workspace, creating a feast for the cybercriminals. As people access corporate data over home broadband, without any additional security, hacking sensitive data has become easier. According to an online intelligence firm, in May 2020, personal data of 29 million job-seeking Indians, including email, phone, home address, qualification, work experience, etc., were posted on one of the hacking forums for free. In April 2020, cybercriminals hacked personal data of nearly 8,000 small business owners seeking relief loans from Small Business Administration (SBA), which oversees the Economic Injury Disaster Loan (EIDL) program in the US. A study by the University of Illinois revealed most COVID-19-related apps might be risking personal data.

1. Cybercriminals leak personal data of 2.9 crore Indians on dark web for free, Telecom News, ET Telecom (indiatimes.com) 2. https://www.cnbc.com/2020/04/21/small-businesses-seeking-loans-may-have-had-personal-dataexposed.html 3. Covid Apps: Most Covid-19 apps with contact-tracing feature may be putting your personal data at risk, Telecom News, ET Telecom (indiatimes.com)

Organizations are more vulnerable to data leaks now. With remote working becoming the new normal, some vulnerabilities are listed below:

• • Unprotected private and mobile devices – Without anti-virus, running older versions of system software and applications
• • Unprotected wi-fi networks – Using weak passwords or shared networks
• • Using unencrypted resources
• • Using improper tools like instant messengers and social networks for corporate communication
• • Phishing
• • Lack of multi-factor authentication
• • Lack of a business continuity plan
• • Employee unawareness of the cybersecurity risks

When employees work from home, it's easy to let boundaries blur between work and personal stuff. Therefore, monitoring employee activities becomes a necessity for the following reasons:

CYBERSLACKING - A ballpark estimate suggests that organizations lose 2.5 hours per day per employee on an average to non-productive usage of the Internet, which includes personal emails, social media, accessing non-work-related (sometimes inappropriate) videos, shopping, or playing games online. Employee activity monitoring can make that loss of productivity count.

DATA THEFT - A survey reveals that 47 percent of former employees take confidential company information with them before they leave the organization, breaking non-disclosure agreements. While the connected world had increased productivity and made the workforce mobile, it has given employees new opportunities to access and steal sensitive information from organizations. 53 percent of employees send business-related information to personal email and cloud-based file-sharing accounts.

FRAUDS - Organizations often suffer a loss due to employees passing sensitive information for their gain. Fraudulent activities do not cost only the company money but also damages their reputation and the confidence of the customer. With proper employee monitoring, organizations can check online activities and data transfer and prevent such loss

While modern technology allows us to distance ourselves socially and live the new normal of working remotely, businesses will need to address the increased risk of cyberattacks. Some ways in which organizations can address these risks are:

Personal devices often lack tools necessary to detect and prevent cyberattacks, making it extremely difficult to prevent, track, or mitigate a data breach. Therefore, employees working remotely should either connect remotely on company’s virtual machine through a secure VPN or use company-issued laptops with data security software and tracking mechanism in place.

Apart from endpoint protection, logging, and monitoring systems, which are already in place for most organizations, rolling out multi-factor authentication across the corporate network will help in preventing cyberattacks. Even if the hackers have access to the credentials, having a second layer of authentication using a credential or some other forms of proof will help prevent cybercrime.

Tagging data digitally and restricting employee access to specific data and documents can help control leakage. For that, it is essential to understand the types of data that you want to protect and to access such data with management rights. For example, all employees should not have access to the company website.

With the pandemic threat, people tend to click every email and links that promise to give them some insight into COVID-19. Cybercriminals are exploiting this pandemic fear and have been phishing with emails claiming to come from the WHO or other authorized health entities. Organizations should educate and remind their employees to be wary of such suspicious communication.

While employees are working from home, specific sector organizations globally faced challenges to offer them devices to work from home and BYOD mode offered more troubles. Organizations in such state should start exploring online workspace options with secured controls.

Every employee home device is virtually a workspace for an organization and CXOs are not prepared to guard all these open virtual spaces that are vulnerable and leaves opportunity for information leakage. In parallel with limited skills in place its offered a better opportunity for cyber criminals to penetrate or an open state for employee to leak information. Under such state, its ideal to explore a Managed security partner that drives your information leakage assessment, manage your devices and offer near-time visibility of incidents on your behalf.

Monitoring access to systems and networks by employees can prevent a data breach. Some of the common measures that can be implemented are as follows: - Encrypt email, file shares, and other communication - Inspect traffic at different stages – on the network, at endpoints, and on stored data - Track complete sessions - Control use of specific content by not allowing employees to save, print, or forward content with sensitive information - Block access to websites not related to work and malicious sites - Block usage of portable devices on laptops to prevent the transfer of data.

Training:

Monitoring access to systems and networks by employees can prevent a data breach. Some of the common measures that can be implemented are as follows: - Encrypt email, file shares, and other communication - Inspect traffic at different stages – on the network, at endpoints, and on stored data - Track complete sessions - Control use of specific content by not allowing employees to save, print, or forward content with sensitive information - Block access to websites not related to work and malicious sites - Block usage of portable devices on laptops to prevent the transfer of data.

With virtual private and professional lives blurred, employees are online 24x7, working as well as spending time on non-work activities, like banking, shopping, etc. often over insecure wi-fi networks. Organizations need to educate the employees about security policies and remind them not to save and share personal data on unsecured devices.

Implementing a better security system is the need of the hour for all organizations. We have an unified platform named inDefend, that can secure your organization. It is designed to prevent data leakage via various channels and proactively keep you informed of any sensitive data exfiltration attempt on-the-fly. It allows you to monitor your employees' behavioural patterns and pinpoint potential avenues for data exfiltration. This solution is built to achieve complete transparency over all the digital assets residing within your organization. And above all it offers transparency to employees by offering reflection of their activities and maintain cultural balance.

Connect with Technology Consultants to get FREE consultation. Call @9289115011 or visit https://www.cloudfence.ai/ for more information. Click here to submit your queries https://bit.ly/3cWCrUz