Employer data goes AWOL under Covid-19 lockdowns

Covid-19-era data breaches go beyond unemployment insurance fraud, medical-research hacks, and other hot topics. And unfortunately for public organizations and private companies, the data loss — from theft or otherwise — is getting worse.

That’s according to several studies published this month, including the Digital Guardian Data Trends Report, published today, which paints an increasingly dire picture for organizations. Plummeting employee morale, a myriad mix of employee devices accessing the organization’s servers from home networks (all with hard-to-know security statuses), and hard-to-monitor employee data security practices have put employers’ data at greater risk than ever before. The report aggregated anonymized data from 194 of Digital Guardian’s customers between January 1 and April 15.

According to the report, which covered financial services, manufacturing, health care, and other businesses, employees copied company data to USB drives 123 percent more than before the pandemic’s onset, with 74 percent of that data marked as “classified.” Data egress over email, USB, and cloud services leaped 80 percent, with more than 50 percent of that data marked as “classified.” Accompanying the spike in data copying is a 62 percent increase in malicious activity on corporate networks and servers, with a 54 percent bump in incident response investigations.



READ MORE ON COVID-19 AND CYBERSECURITY

Facebook fails to curb coronavirus misinformation
Secure contact tracing needs more transparent development
Phishers target oil and gas industry amid Covid-19 downturn
Hydroxychloroquine misinformation makes way for political disinformation
Ebola-hacking lessons for coronavirus fighters (Q&A)
How to make your Zoom meetings more secure
CanSecWest, the last tech conference standing in the face of the coronavirus


“In times of economic uncertainty, employees tend to protect what they believe is theirs, and attempt to take sensitive data prior to being possibly laid off. That is the type of behavior our research is indicating and in some cases has proven to be true,” says Tim Bandos, vice president of cybersecurity at Digital Guardian and the report’s author. “We don’t see a lot of the data going to the Dark Web. We see employees that worked on projects and think the data belongs to them.”

Whether or not the data loss is intentional, the fact that it is occurring at a much higher rate than just four months ago suggests a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy. There will be a high cost to bolstering those defenses as organizations struggle with employee morale and a lack of insight into the devices on their employees’ home networks, experts warn.

This story was originally commissioned by Dark Reading. Read the full story here.