How to plan a secure hybrid workplace

6 minutes reading

11 / 11 / 2021

The COVID-19 pandemic has changed the working habits of people all over the world, as well as the way we perceive the workplace. Experts agree that the future of work is hybrid, combining teleworking and standard office work. The new model may bring new security challenges for IT admins. How can organisations create a hybrid workplace which is both safe and effective?

The hybrid approach introduces new and innovative possibilities for employees. However, it also allows cybercriminals to exploit vulnerabilities resulting from the constant switching between company and private devices as well as networks. If unprepared for the new model, small businesses are potentially exposed to various types of attacks. Here’s what to watch out for if you want to keep your data safe and sound.

Infobox informing about the trend of combining work from home with work from office

1: Create a new security strategy

New working conditions call for new rules. With a clearer vision of how the future of work looks in the long run, security strategy must be adapted accordingly. Focus on both human elements and technology risks, including those connected to use of the cloud. To avoid cyber threats, strategic decision-making and sufficient preparation are crucial. Cybersecurity planning must be coherent, taking all potential weak spots into consideration. Such as:

The human element. During the past 18 months, employees may have adopted some unintentional risky behaviour as they began working from home, using home networks that are likely to offer less protection from malware than company networks. Also, when working from home, employees can become easily distracted and are more likely to click on malicious links. Cybercriminals can take advantage of this situation, targeting remote workers with more and more social engineering attacks. Therefore, it’s worth reminding employees of crucial cybersecurity rules which must also apply for remote working. Organising regular training sessions pays off.
Technology challenges. There was a 140% increase in Remote Desktop Protocol (RDP) attacks in Q3 2020 – an attack vector still on the rise. Therefore, it's crucial to make sure VPNs, SaaS offerings and RDP servers are properly patched and configured. They might become an easy target for cybercriminals, particularly due to previously breached or easy-to-crack passwords. “Moreover, a hybrid workplace will arguably require even more shuttling of data between remote workers, cloud servers and office-bound employees. This complexity will require careful managing,” says IT journalist Phil Muncaster. So, IT admins should make sure not only that company networks are thoroughly protected, but also hardware and software is running on home systems.

2: Adopt the Zero-Trust Policy

What is the best way to manage the complexity of on-premises and remote workers and systems? How to ensure that hybrid work and the prevalence of the Cloud does not endanger company data? Adopt the Zero-Trust Policy. The notion is simple: no devices or users within the company network can automatically be trusted, and IT admins should not rely on the company perimeter security. Never trust; always verify.

All employees should have individualised access rights, devices should be regularly authenticated, access should be carefully managed, and network segmentation should be performed. Measures like MFA (Multi-Factor Authentication) applied to all accounts and devices and end-to-end encryption or network detection and response will help keep your business data safe.

Infobox explaining the principles of zero-trust policy

3: Focus on an effective BYOD policy

Reduced hardware and software costs, convenience and a sense of ownership. These are some of the main advantages of the Bring Your Own Device (BYOD) policy, in which employees use their private devices for work purposes and use them in the office too. However, when poorly secured, they might endanger the company network and data. As employees return to the office, make sure they know how to address cyber-security, even on their own smartphones and laptops. Small businesses might address the challenges brought by the BYOD policy by improving their endpoint administration, ie. a cloud-based dashboard that provides the ID admin with information about how many devices are connected to the network. Also, all mobile devices with access to company data and networks should be provided with a security app – no matter whether they belong to the employee or the company.

The hybrid workplace strategy in a nutshell

What measures should you implement if you want to protect your business?

Mandate the use of multi-factor authentication (MFA) for all accounts and devices.

Implement policies that require automatic updates to be enabled for all devices.

Strong passwords for all home devices, including routers.

Psychometric testing to help identify where human weaknesses exist. This intel could be used to develop better security protocols and making training more personalised and effective.

Strict vetting/auditing of suppliers and their capabilities, in order to mitigate insider threats.

Data loss prevention tools.

Network segmentation.

Restrict access rights via a least-privilege principle.

Zero-trust approaches to limit the damage that could be caused by insider incidents.

Modify working culture so those at home don’t burn out on security practices.

Audit the types of home security solutions being used by hybrid workers.

Implement a cloud-based sandboxing technology which detects and analyses never-before-seen threats to add another protection layer.

All in all, clever security solutions will help you turn your hybrid workplace into an environment that is not only inspirative and motivating but also – and above all – comfortable and safe. It’s never too late to start taking cybersecurity seriously. Now you have a hint about where to start.