Ensuring business continuity in a remote working environment
- Published: Tuesday, 21 April 2020 08:16
The rush to remote working as organizations responded to COVID-19 lockdowns and other restrictions may have resulted in business continuity and cyber security taking a back-seat. Mick Bradley highlights areas that need to be considered and makes some recommendations.
Many organizations are experiencing a huge change in how and where work takes place, which could lead to permanent changes in the way we do business. The COVID-19 pandemic may well be the final element needed to spark a remote working revolution, a trend that was already in full swing in some countries.
This shift will require a revaluation of the entire IT paradigms of many businesses, and in an extremely short space of time. The switch to remote working brings with it a new set of security vulnerabilities, with organizations rushing to equip their workers with the right hardware and systems. But it is vital that cyber security, backup and disaster recovery are not forgotten during this delicate transition. Employees taking their devices home creates a much wider set of surfaces for cyber criminals to take advantage of, heightening the chances of being compromised by threats such as ransomware and other malware.
There has also been a pronounced increase in the level of reliance on cloud-based tools and shared drives, often not backed up automatically, which can represent attractive targets for hackers. Though cyber security protocols may be effective in mitigating some of the coming attacks, the sudden transition to a remote workplace will probably mean that at least some attempts will slip through the net. Therefore, it’s crucial that the continuity of the business-critical IT services that remote workers rely upon is assured.
The cyber security vulnerabilities of remote working
COVID-19 means that some businesses have had to provision whole organizations, sometimes with hundreds of thousands of employees, with laptops in just several days or weeks. Under such pressure of time, it’s easy to gloss over of business continuity, and to equip these laptops with less than adequate provisions. Every employee laptop represents a ‘mini data centre’, with a wealth of critical company data on it, which needs stringent protection against cyber threats.
With work now remote, there is an increased volume of emails being exchanged, with more tasks being requested via email. As a result, there are more opportunities for cyber criminals to masquerade as co-workers and launch successful phishing attacks. Research from Sophos indicates that COVID-19-related email scams nearly tripled in just a week after government regulations enforced the move, with many hackers now jumping at the chance to imitate the World Health Organization (WHO) or the United Nations to dupe unexpecting employees.
The correct approach to backup and remote working
Organizations where large numbers of staff are working remotely can greatly benefit from direct-to-cloud backup and DR. These don’t need any storage or additional hardware to be deployed on-premises to prepare the data before it is transferred to the cloud. This allows for laptops to be properly backed up, wherever they are geographically, without the need for them to have specialised and expensive infrastructure to support this.
Microsoft Office 365, for example, has over 200 million users worldwide, forms an integral part of the workflows of many organizations today, and is a key source of some of their most critical data. However, tools like these need third-party help when it comes to longer term data retention, preserving the data of those that have left the company, or mitigating the effects of email phishing scams. It is unrealistic to entirely rely on the native support of these tools when it comes to business continuity.
The importance of hybrid cloud infrastructures
The reality of home working is a huge amount of business-critical data finds itself stored either on laptops or in tools living in the public cloud. Both need to be backed up securely in case worst comes to worst, and data on either platform should become compromised. This is where hybrid cloud infrastructures, that use a mixture of on-site, private cloud, and public cloud storage, become extremely useful for maintaining continuity. Hybrid cloud allows businesses to have an ‘air gap’ that protects important data, wherever it resides within an IT infrastructure. This can mean an on-premise backup for the cloud data from their Software as a Service (SaaS) tools, or a public cloud backup of locally stored files on laptops. Having diversified backup options can also give firms more control over where their data resides, helping to maintain compliance with GDPR and other major data privacy regulations.
Employee training will always play a key role if organizations want to secure their continuity as cyber threats escalate and IT infrastructures are suddenly being revamped. Businesses should try and instil in their workforce a new set of practices that allow them to keep their data safe during the transition. However, when cyber attacks do happen, organizations need the right infrastructure to be able to limit the damage. Whether this is employing the right type of combination of hybrid cloud backup or being mindful of the specific set vulnerabilities which cyber criminals are now attaching themselves to, organizations are still able to take control of their data protection despite less-than-ideal circumstances.
Mick Bradley is VP EMEA, Arcserve.