Five tips on how to stay (cyber)secure in a hybrid work world
From less time spent on the commute to a better work-life balance, maintaining the newly discovered possibilities of flexible working is a firm priority for workers today.
For businesses, that means hybrid work is here to stay. Not only does it help create a more attractive workplace at a time when job vacancies have been hitting record highs, but ultimately hybrid flexibility can drive greater engagement, better satisfied teams, and more productive businesses.
However, in the rush to embrace this new world of work, it’s been all too easy to overlook one of the biggest challenges it creates: maintaining cybersecurity.
Bad actors have taken advantage of uncertainty and change in the past eighteen months to exploit businesses and their workers. By following a few tips, though, we can stop them in their tracks, and unlock the benefits of a hybrid future of work without sacrificing security.
Tip one: Recognise your risks
Online fraud rose by 70% during the pandemic as bad actors took advantage of increased home working and reliance on online devices. From COVID-19 testing scams to launching hacks through QR codes, the first step to boosting security is recognizing the different shapes and sizes security risks come in. Security leaders must continuously make the time to identify new threats and vulnerabilities and plan for improved detective and preventive controls, to ensure their business stays ahead of those risks.
On top of this, it’s also worth understanding the implications of weaker security, and educating the wider business on this topic. Not only can it impact the business’ bottom-line, but research suggests victims are also hurt emotionally, with lower levels of happiness and higher levels of anxiety. Security today isn’t only about protecting your technology and finances, but also your people.
As you’re heightening your people’s awareness of security risks, remember to lead with empathy. Communicate that the security team is ready to help and support whenever people have security concerns.
Tip two: Reduce reliance on email
Email is the leading attack vector used by attackers to gain access to businesses and their employees. One of the most common approaches is through email spoofing, in which a bad actor creates an email that appears to be someone else (often, someone senior at the business they are targeting).
For both internal and external communication, changing email habits and reducing reliance upon it is now simpler than ever. This can be one of the most effective ways to reduce exposure to attacks and fraudsters. And, on top of this, bringing communications out of siloed email chains and into a tool like a channel-based messaging app has the benefit of making those communications not only more secure, but easier to share with team mates to collaborate on.
Tip three: Empower your employees with enterprise-grade tools
IT teams must stay ahead of employee needs. Otherwise, employees will find a solution to fill their needs, increasing the risk of disclosure of sensitive information. And, once adopted, it’s hard for companies to unwind this so-called “shadow IT.” In short, leaving teams to informally fill gaps in their tech suite – for example, by using consumer-grade messaging apps to communicate – creates unnecessary security risks. Encryption is a bare minimum for workplace collaboration, however enterprise-grade apps can provide additional features like Enterprise Key Management, audit logs which further empower IT teams to keep data secure and workers safe.
Further, having a dedicated security and compliance partner ecosystem means enterprise-ready collaboration tools can easily connect with security staples (e.g., Okta or Splunk).
Tip four: Boost identity and device management controls
With more workers using personal Wi-Fi and personal devices it’s time to establish new security baselines. Securing information in a hybrid working environment begins with identity controls. From session duration metrics to two-factor authentication and domain claiming, it’s crucial to think twice about how you’re ensuring only the right people have access to your company’s information, wherever they’re working.
Meanwhile, session management tools, default browser controls, additional authentication layers and the ability to block jailbroken or rooted devices are extra defenses that help ensure that it’s not just approved people, but approved devices that are plugging into your networks.
Tip five: Embrace a mindset shift on security
Just as the work landscape has changed dramatically since early 2020, so has the security space. As workers shifted, so did threats, and IT teams have worked tirelessly to stay ahead of fast-moving bad actors.
We know remote work is here to stay. Meanwhile, new threats such as weaponized artificial intelligence are only just emerging. To help IT teams do their job and keep us and our businesses safe, we must start shifting our mindset on security.
That means formalizing the work-from-home space and enabling workers and IT teams to give it the same level of protection as we’d expect in a physical office. It also means listening to the needs of remote and hybrid workers and providing everyone with enterprise-grade tools for work, from office suites to collaboration tools, so that they never have to turn to non-enterprise grade or unsanctioned platforms.
Finally, it means always taking a security-first approach to the tech-stack. Reducing reliance on legacy tools that provide bad actors with exploitable gaps in your defense and building an ecosystem of enterprise-grade tools can enable businesses to shore-up security. The result is IT teams and the organization as a whole can work from anywhere, and focus on the work that really matters to them, safely and securely.