[4 min read]
A recent article in SecureWorld “Lessons from 2020, and what to expect in 2021: An evolutionary time in cyber and privacy” looks back at some of the main cybersecurity events in 2020 but also predicts what 2021 will bring. With many of us busy planning for the year ahead, what do we need to know?
The biggest take-away from 2020 is that the world is still unpredictable - not a shock to anyone I’m sure! Nothing has taught us this lesson more than the current pandemic. In March 2020, businesses around the world quickly moved to a remote work situation and, if they hadn’t already, they had to think about how to manage data security and risk management remotely for their whole organization. So what does that mean for cybersecurity as we head into 2021?
Remote employee security policies for 2021
The 2020 necessity of remote work puts a spotlight on 2021 remote employee security policies. But don’t forget this means your vendors’ employees also. On the plus side, 2020 has shown us that technology can really make life easier. How many of us had considered a full time work-at-home career before the pandemic? For most employees, who were rushed out of the office with laptops, the future of working at home looks positive at the end of 2020. Companies quickly purchased software and put in place security measures - but did they do enough to protect their company data for 2021 and beyond? Organizations should examine data security frameworks and apply one to their organization to see where they are most vulnerable, paying particular attention to remote working policies and vendor management.
The future is regulated
Enforcement of existing data privacy regulations such as GDPR and CCPA will continue in 2021 as will new security frameworks introduced in 2020 like CMMC. Companies must remain current with all relevant security standards and regulations and include them in new configurations for the home work environment. It’s hard to avoid reading in the news about the increase in cyberattacks and how we all need to be cyber-aware - from our employees logging into new systems containing valuable company information to our children logging onto their school laptops. When major companies like Nintendo, Twitter and Zoom suffer breaches, it’s a wake up call for all companies to take data security seriously. Ostendio emphasizes the importance of security training for all employees which includes testing their knowledge after the training is complete and repeating training more than annually to keep it fresh in everyone’s mind.
California Data Privacy Dream Becomes a Reality
Like many people in the cybersecurity field, we expect an increase in state legislation around data privacy, especially in light of the recently passed CPRA in California which strengthens the CCPA. The SecureWorld author considers the increasing use of biometrics data, think facial recognition and fingerprints, and discusses the storage of such data.
Information Security Must Move Beyond Managing To The Audit
As we start 2021 with continued enthusiasm for changing the way companies handle their data security and risk management programs, we are talking to customers more than ever about the need to move beyond managing to just the audit. More companies are taking a forward looking approach by creating a culture of security in their organizations. It is increasingly important to not simply be driven by an episodic event like an annual security audit, but rather build a year round security program that ensures the organization is perpetually secure. This must also be extended to vendors to ensure companies expand the reach of their data security environment and protect sensitive data. To do this effectively, companies need a platform like Ostendio MyVCM to ensure they have an always-on view of their data security program. By using the Ostendio MyVCM platform companies will be able to know and show their information is secure.
The conclusion of the article is a valuable reminder about the power of the data that each company collects: “As data continues to reign supreme in businesses across industries and the globe, those businesses need to embrace the need to understand their data, understand their legal and contractual obligations, and take proactive measures to address the collection and processing of data.”
You can read more from Ostendio about the power of data and what’s possible when your employees have real-time data at their fingertips here.