With highly dispersed workers in a highly organized cyber threat landscape, the following strategies can boost data security and business continuity.
Most organizations now operate with a larger remote workforce than ever before, and some may have lost easy access to their data center. To cope, new services and solutions may have been introduced into the IT environment, many of which are likely to have increased complexity and risk by complicating the challenge of managing ‘dark’ data, PII, regulatory compliance, cybersecurity and data management.
Additionally, the ‘DIY’ nature of managing multiple products—in most cases from multiple vendors across an increasingly diverse landscape—has become almost impossible for already stretched IT teams and is a major contributor to higher total cost of ownership (TCO).
Not only are operational SLAs jeopardized: massive inefficiency results from the proliferation of duplicated data and low optimization of expensive resources.
Tips for data management future-proofing
Organizations now need to move from a state of ‘keeping productivity as high as possible and eliminating IT-led issues’ to trying to find a new and productive ‘normal’. It should be less about ‘keeping the lights on’ now, and more about working out how to improve what has been deployed and stress testing it for future needs.
Leaders that have not been thinking along a future-proofing mindset, or who have diverted budget away from continuity planning, are in a bad spot.
Here are nine considerations and best practices to overcome avoidable mistakes in future-proofing and continuity planning:
- Ransomware: There is little doubt that having a mostly work-from-home workforce increases the threat landscape for your organization. Re-evaluating existing IT policies and updating them to support a remote workforce is crucial.
To counter cyberattacks, set up alerts that observe unusual activities such as permission changes, volume increases on storage, and high volumes of data being moved. Utilize any mobile apps available from vendors to make it easy to spot issues before they arise. Getting ahead of an attack is the most important thing, provided your organization has a multi-layered defense and recovery plan in place. Work with the supply chain to leverage any of their integrations to make life easier and enhance security postures along the entire chain. - Phishing scams: With so much stress and distraction caused by ongoing pandemic-linked disruption, or even added workloads due to the Great Resignation, employees are more likely to fall for malicious scams and tricks. Consider sending a list of validated URLs for staff to check against, or whitelists when using any client-based content monitors, and even ‘dummy’ phishing emails to test their understanding. The more knowledge and awareness that employees gain, the lesser the chance of them becoming a target to ransomware attacks.
- Social engineering: It is not uncommon for malicious agents to try social engineering tactics, for example a phone call to those in administrative roles claiming to be IT and needing to reset executives’ passwords, and then requiring them to tell the malicious actors the old one first for “verification”. These attempts are commonplace and could compromise your entire infrastructure. Make sure that your IT department opens multiple communication channels with staff such as the Help Desk system, content manager, messaging platforms, and a broad range of active first responders.
- Backup hygiene: Review data backup protocols and follow the industry advice to adopt the ‘3-2-1’ rule, which mandates at least three copies of your organization’s data, consisting of the original production data copy and two backups. The two refers to having at least two different types of media to store copies of your data, such as local disk and cloud-based storage. Finally, at least one backup must be kept offline or offsite, or in an immutable state.
- Employee-led backup: Organization that grant staff the ability to restore their computer in the event of issues must educate them of the importance of backups and what to do in the event of a problem. To maintain compliance, issue and periodically re-issue, educational materials and resources explaining how to conduct a backup locally, as well as policies on where to store files, when backups should take place, etc., to minimize the effect on ‘live’ data environments.
- Local recovery: With many workers using their own endpoints such as personal laptops, and with no on-site IT teams available in the home, ensuring local recovery tools are in place is a must. This will allow remote workers to restore their laptop to a working configuration without any external help. Various tools are available that allow a device’s working disk image to be stored centrally and reinstated in emergencies. For the small amount of time that it takes to make a backup image, the coverage benefits for any unexpected error or loss of connectivity to the company network are immense.
- Backup integrity: Not every backup job completes, and some that do are not always reliable. Ensure data copies are usable and can be trusted for restores, by testing them through a backup tool or console. In the cloud, this can be done through a provider’s dashboard. It is an impactful activity and an easy job that IT teams can perform remotely.
- File sharing hygiene: Make use of a file share system that is remotely accessible, or a cloud-hosted file exchange: this can help modernize your IT systems and support employees in any location. This will also allow your organization to manage the proliferation of corporate data that may have been, or continues to be, shared on unsecure services or platforms, especially those falling into a shadow IT nature.
- Data fragmentation: Check for file copies and determine where duplication exists. Where possible, look to apply deduplication and compression tools, and enable small-file optimization. This frees up storage resources when new hardware is unable to be bought and installed, while also improving total cost of ownership of existing resources.
IT teams are facing unprecedented demands to go beyond simply supporting business operations and start to act as a source of innovation and competitive advantage. By overcoming the various data challenges mentioned above, some of the biggest IT roadblocks will be cleared, and IT will be empowered to deliver on increasing expectations, best practices and effective data management.