Cybersecurity Concerns in the Age of Hybrid Workplaces
Even as the threat of COVID-19 eventually normalizes in our post-pandemic environment, many of the habits and changes we made will likely stay. One of those is hybrid workspaces.
A hybrid workplace or workspace is a flexible system that allows workers to shift between onsite and offsite work. According to recent data, 65 percent of employees want a hybrid workspace moving forward. This is understandable as working remotely means employees no longer have to deal with the stress and cost of a long commute and can work at their own pace. Supervisors are also embracing the idea of a hybrid workplace because the pandemic proved that employees could be as productive, if not more when working at home.
It seems like the ideal solution for everyone. However, cybersecurity experts have raised concerns about the hybrid workplace model.
The risks of remote work
In a traditional office setting, implementing cybersecurity measures such as protection from DDOS attacks is easy. However, in a hybrid workspace, things become a bit more complicated. Most enterprises have a secure network that employee devices can connect to, ensuring some degree of protection. The office devices are also equipped with top-of-the-line antivirus software and are monitored by the I.T. team.
However, your employees’ home networks and devices may not have this level of security, leaving them vulnerable to potential attacks. Some employees may even be accessing public networks like cafe or library routers, which could jeopardize the company if their device contains sensitive information. Besides this, there’s also the increased risk of employees losing work devices. Some companies provided work laptops or tablets for their employees to bring home. While these devices helped maintain productivity throughout the lockdowns, they are now an additional weak link to the already fragile cybersecurity chain. More persistent cybercriminals now have the option to steal these devices and extract company secrets from them.
There is also the concern of slower emergency responses. When working onsite, any emergency is quickly made apparent to the supervisors, and the I.T. department as they’re often a few steps away. However, with remote work, you’ll have to call or email to report an incident, and there’s a chance the concerned parties may not be available to address it immediately. This is devastating because even a few seconds can spell the difference between a close call and absolute catastrophe in a crisis like this.
Cyberattacks are on the rise
During the pandemic, many companies adopted cloud services to facilitate the storage and transfer of data among remote employees. Along with this trend, analysts noticed a 140 percent increase in RDP attacks and a boom in phishing and malware cases. This correlation shows that cybercriminals are aware of the cybersecurity gaps that come with remote and hybrid workspaces and are doing their best to exploit them while companies and experts scramble to find ironclad solutions.
Securing a hybrid workplace
Unfortunately, no pre-packaged solution can provide a hundred percent guarantee that you won’t fall victim to a cyberattack. However, following the provided steps will at least minimize the risk.
- Implement strong passwords and activity timers
Whether it’s the device, domain, applications, or other office network service, ensure that strong passwords are in place. Use a mixture of symbols, numbers, uppercase, and lowercase letters. Cybersecurity experts advise never to use the same password and to change it every 60-90 days. In addition, you can improve security by implementing two-factor authentication where you can.
Besides passwords, an additional security measure is implementing activity timers. This will automatically log out a user who has been idle for a certain time. This ensures that users don’t accidentally stay logged into the system and leave it vulnerable to infiltration.
- Use full disk encryption
Disk encryption ensures that even if a work device were stolen or lost, the information it contains wouldn’t be accessible to hackers. There are various tools available for this purpose, but use one that provides the highest-level security so that even a sophisticated decoding algorithm can’t crack the code.
- Set access limits
Not all information should be accessible on any remote device by any employee. This ensures some degree of control over the most sensitive company data. Ideally, access to the internal network should only be done on an onsite device monitored by the I.T. department.
- Educate your employees
Humans are the weakest link in a cybersecurity plan. Even if the system in place is the best current technology has to offer, all it takes is one person’s mistake for it to all come crashing down. Teach your employees the security protocols and the importance of adhering to them. Deliver the information in a way that even those who aren’t tech-savvy will understand. Here are a few key reminders each employee must abide by:
- Never write down login credentials: It seems obvious, but you’d be surprised how many people keep passwords on post-its, notebooks, or their phones. Understandably, multiple strong passwords are difficult to remember, but use secure password managers instead of writing them down.
- Never connect to public wi-fi on your work devices: There are many risks in connecting to public wi-fi, from hackers intercepting your data to stealing passwords. Even with a VPN, it’s still not recommended.
- Never leave your work device unattended: If your work device is not in use, ensure it is secure, either by keeping it in a locked drawer or room. If you’re bringing it to another location like a library or cafe, never leave it on the table. Some employees have the unfortunate habit of letting their family use their work devices. Even if they don’t have malicious intent, they may unknowingly put the company at risk by clicking on suspicious ads or installing a virus.
- Partner with cybersecurity experts
Like how you would hire security guards to protect your physical office, it’s best to contract professional-level services to ensure your business’s safety. Most companies were content with basic cybersecurity plans, but if you’re planning to make your workplace thoroughly hybridized, it’s best to upgrade your security to plug all the gaps in remote work.
While remote work is not new, this is the first time it’s being implemented on such a large scale, and the fact that many companies were not prepared for this situation only puts them even more at risk. There was no time to train employees to conduct remote work without compromising company secrets and no time to prepare the appropriate infrastructure to maintain secure data transfer.
Fortunately, companies have started investing in tighter cybersecurity measures to complement hybrid workplaces. With this, employees can enjoy greater flexibility without additional risk to the company. In addition, an increased interest in the hybrid workplace means that more funding is being funneled into research focused on strengthening remote security. With these changes, all our worries regarding remote work may soon be a thing of the past.