Did you know that half of all businesses were affected by some kind of breach during the first coronavirus lockdown? Whether or not your company experienced such an incident, the fact is that when staff work remotely, it opens your business up to many new threats. Where in the past your perimeters were relatively easy to secure, in a world of hybrid working, the surface available to attack is much larger.

IT departments the world over performed incredible feats last year, setting their colleagues up to work remotely in the midst of the pandemic. Many tech teams built a patchwork of cloud, VPN’s and people’s own personal devices to keep the ship afloat. At most businesses, these solutions were designed to be a short-term fix to a pressing problem. But now that hybrid working is expected to become the norm, a more coherent strategy to remote work and security will be vital.

So, what are the risks involved in hybrid working and how can you prepare for them?

 

Attend our webinar: Redefine security practices for hybrid working

 

Hybrid working introduces new security risks

When staff are working remotely at least a couple of days per week, several new risks emerge:

  • Behaviour issues

The ‘human factor’ has always been the greatest weak point in cybersecurity. And this becomes even more challenging when staff are spending two or three days of the week outside of the office.

If people working from home, they may feel more relaxed and allow their guard to drop. This means staff may be less alert when a phishing email lands in their inbox, or they may be distracted and ‘CC’ email recipients rather than ‘BCC’ them.

More generally, when people are working alone, they may be less likely to perform sense checks – such as asking colleagues about the best practice for saving documents and applying permissions. And of course, if staff are working remotely in cafes or shared workspaces, there’s a greater risk of device theft or even spying.

  • Weak endpoints

Another serious risk that hybrid working introduces is that your staff may connect to endpoints that are either weakly protected or not protected at all (indeed, a shocking 58% of remote workers admit to connecting to unprotected networks!).

Whether it is a public Wi-Fi network, a connected television or their old home printer, all of these networks could provide an entry point for malware. And once it has made its way onto staff devices, it could soon enough enter your company’s perimeters too.

  • BYOD risks

When companies introduce hybrid working, it is much more likely for people to connect to your enterprise systems using their own devices. If they have ever downloaded unverified apps to their personal laptops, smartphones or tablets, these could become a new entry point to your systems. The same risk applies if they have not updated their operating systems too.

 

Hybrid working: 10 factors to consider for the ‘new normal’

 

Redefining your security practices for hybrid working

Hybrid working is expected to become the norm at many companies, so IT departments will need to reassess their security practices to support the business as it adapts. We will be delving into the practicalities of hybrid working security in our upcoming webinar. But key considerations include:

  • Training

All staff will need to be given regular training refresher courses to ensure that they understand the risks that remote working introduces. They need to know about the phishing scams to watch out for, understand cyber hygiene, and take responsibility in a security-conscious culture.

  • Reassess your business continuity plan

In a world where people will be connecting to your enterprise IT systems remotely for at least part of the week, it’s going to be essential to reassess your business continuity plan in case your systems ever do get breached. For instance, how will people working remotely log in and keep working if your business undergoes a ransomware attack?

  • The zero-trust security model

The zero-trust security model assumes that any user connecting to your systems could be a threat. It therefore requests two or more forms of identification to ensure that the person is who they say they are. This is becoming the norm in a world of hybrid working where you simply don’t have physical visibility over who’s in your office and logging onto systems.

  • Monitor endpoints and software

With more people connecting to your systems from outside your premises, it will be important to monitor endpoints and cloud platforms. This might require you to invest in new forms of technology that can automatically assess all the endpoints connecting to your company systems.

  • Review and update your policies

If you are allowing staff to work remotely, various policies will need to be updated and refreshed – from BYOD to passwords to your permissions policy.

 

Practical tips for secure hybrid working

Hybrid working is expected to become the norm for countless companies around the world. While this will bring many benefits, it is going to be vital for IT teams to make some serious adjustments to how they keep company data secure and minimise the risk of breaches.

In our upcoming webinar, we will be exploring this topic in more detail – describing some of the practical steps your organisation can take to prepare for a world of hybrid work.

Sign up to the webinar here today.