With most businesses adopting hybrid working models in the wake of COVID-19, some employees are splitting their time between working at the office and working remotely. For cyber security professionals, however, this poses new challenges associated with hybrid work environments and remote workers that need to be considered. As employees are working across two locations, potentially using different devices, there are emerging opportunities for cyber attackers to effectively breach the network, writes Alan Hayward, Sales and Marketing Manager at the networks product company SEH Technology, pictured.
One of the biggest cybersecurity risks of the hybrid working model is unsecured home networks. It’s fair to say that most employees will not understand network security beyond the basics, often requiring an educational process from cybersecurity and IT professionals. Businesses may also see an increase in stolen or lost work devices, with the possibility that equipment is misplaced during daily commutes or from employees’ homes. In addition, IT leaders have witnessed a soar in targeted phishing attacks during the global pandemic, as cybercriminals have been able to take advantage of distracted remote workers.
With this in mind, organisations need to take these considerations into account when deploying their hybrid working model and adjust their cybersecurity strategies accordingly.
Equipping hybrid workers with the right tools
It’s clear that employees need the right tools to be able to effectively manage their workload and responsibilities. As a result, it’s up to the IT leaders and cybersecurity experts within the business to provide them with the right software and hardware devices that they will need. This includes secure cloud storage solutions, collaboration applications, video conferencing software and password managers. Not only do these solutions help improve workers productivity both in the workplace and at home, but they also create safer work with bolstered security measures.
Another vital element to consider is USB dongles that can contain huge amounts of valuable or sensitive data. They can also easily be misplaced and when inserted into an organisation’s IT systems, malware can be introduced. These dongles may be openly shared amongst hybrid workers, making it more difficult to track what they contain, where they’ve been, and who has used them. Dongle servers are a popular choice as they allow USB dongles to become available over a network. This means copy-protected software can be used as normal, but users don’t need to connect the license dongles directly to their client, minimising the risk of data breaches and attacks on the organisation’s network.
Establishing a multi-layered security approach
With hybrid working introducing an extensive network perimeter, companies will need to implement multiple layers of security to limit external and internal threats. Firewalls for example are a strong defence to prevent threats from entering the network, by creating a barrier between employees devices and the internet with closed ports of communication. Furthermore, encryption and advanced email filtering are great ways to shield hybrid workers from online dangers that they may fall victim to in today’s hybrid work.
What’s more, virtual Private Networks (VPNs) allow hybrid employees to access the organisation’s IT resources securely from home or in the office, including email or file services. VPNs create an encrypted network connection that authenticates the user or devices and secures data in transit between the employee and the organisation’s services. Multi-factor authentication can also reliably defend the organisation against password-based attacks as employees are required to present two or more pieces of evidence during authentication.
Launching a cybersecurity training programme
In a recent survey, it was reported that almost 60 per cent of IT leaders plan to introduce cybersecurity awareness training if their organisation adopts permanent hybrid work. This is because many data breaches are a result of human error and investing in cybersecurity awareness training will ensure employees are no longer the weakest link. It’s vital to introduce cyber security training for staff and students to help them build an understanding of how to best mitigate the risks.
Additionally, they should also be trained on the use of their devices in both on-site and remote scenarios. This will include secure storage and management of user credentials or passwords and how to report a cybersecurity incident, as well as building an awareness of the risks and the ways that they can be prevented. Employees can also be re-educated on how to recognise threats like spam, phishing and cyberattacks.
Future of cybersecurity
Over the past 18 months, businesses across the globe have had to adapt to a period of unprecedented change. One of these changes is the emergence of hybrid working which allows employees to take advantage of the flexibility to work either from home or in the office. This model comes with its own set of cybersecurity challenges, derived from the blurred network perimeter, a mix of personal and work devices and an increase in cyber threats. Now is the time for IT leaders to implement cybersecurity strategies and revisit risks to bridge the gap between running a business remotely and ensuring it is security compliant.
