It turns out that IT departments and business leaders aren’t the only ones concerned about the impact of COVID-19 and remote work on data security. The average American has a heightened awareness of the safety of their personal data, which has increased during the pandemic, and nearly half don’t want to share their information with government agencies or other organizations and businesses. That’s according to the Unisys Security Index.
Before the pandemic, the FBI received about 1,000 cybersecurity complaints per day. Since coronavirus upended our lives, the FBI is seeing about 4,000 reports per day. “We have increased vulnerabilities online, and increased interest from threat actors to exploit those,” Tonya Ugoretz, the deputy assistant director of the FBI’s Cyber Division, said in an Aspen Institute webinar. “There was this brief shining moment when we hoped that, gosh, cybercriminals are human beings, too, and maybe they would think that targeting or taking advantage of this pandemic for personal profit might be beyond the pale. Sadly, that has not been the case.”
The Visibility Shift for Data Security
According to the Security Index, concern for personal safety had its largest increase and overall personal security concerns are at their highest since the first Security Index in 2007. Yet, security of personal data has been a challenge for decades. What’s the difference now?
Visibility, thanks to a world full of instant information, said Jennifer Bazela, director of cybersecurity programs at Unisys. “Your customers are seeing breaches in the news at an alarming rate. They probably have been, or know someone who has been, personally impacted by a data breach or identity theft,” she said in an email interview. “They are more educated about the risks than ever; and with that information comes action, skepticism and in some cases, fear.”
And COVID-19 has heightened that awareness, both due to the rise in phishing and social engineering scams surrounding the virus and a growing concern around the security in natural disasters, as the Security Index pointed out.
Recognizing the value of their personal information and the risks involved if that information is stolen or compromised, consumers are increasingly wary of sharing that information with public and private organizations.
What This Means for Businesses, Government Agencies
“Companies have a core responsibility to protect the data of their employees and their customers, and with the visibility to the actions of bad actors now, they are holding their vendors and partners accountable to conduct business securely,” said Bazela.
It’s also up to the organizations to reassure their customers about the security of their personal information, and the only way to do that effectively is with complete transparency.
“Let your clients know that your company prioritizes data security and that you have both tools and processes in place to ensure that their information is protected,” said Bazela. “I’d also recommend sharing some details about your data privacy training program. Coupling both the system and people aspects into messaging around data security should provide your customers with a sense that your company’s culture includes data privacy at its core.”
Building a security culture that works for both the organization and the consumer is key to building a level of trust surrounding personal data. Security can no longer be an afterthought, but rather a part of the focus of business operations and outcomes. While it can be complicated for non-security professionals to understand the “why” behind security, security awareness training should make it clear why consumer data security has to be a top priority. At the same time, Bazela pointed out, security professionals need to be a part of the business. They should understand what the business goals and challenges are, and be able to offer secure solutions to help their organization and their consumers solve their business issues.
“The COVID-19 pandemic has added a sense of urgency to the importance of prioritizing an organization’s cybersecurity and operational resilience,” she wrote in a blog post. Consumers know their personal data is at greater risk right now; organizations need to follow through with cybersecurity.