Cyber resilience in a hybrid workplace: securing your employees’ devices

Working conditions have significantly transformed in recent years, and by all signs, remote working is here to stay

As reported by a Unisys study, 64% of business leaders indicated that their organisation planned to adopt a different operating model than the one they had in place before the COVID-19 pandemic.

While flexible working conditions are reported to drive productivity and help with mental wellbeing for staff, there are challenges around this new way of working – one of the biggest being cybersecurity. As outlined in the 2021 Cybersecurity Breach Survey published by the UK government, transitioning to a hybrid or even fully remote working model has brought some new challenges for businesses and organisations when it comes to staying fully protected against cyber attacks. This includes increased difficulty in user monitoring, keeping hardware and software systems updated, and extending security measures to personal devices, just to name a few.

Undoubtedly, these new circumstances require adjustments to internal cybersecurity protocols but that doesn’t mean one has to compromise on security in a remote working model. Rethinking current policies and adapting them to the new setup will not only effectively take care of any existing security risks when it comes to employees’ devices but will contribute to the overall cyber resilience of the company going forward.

Switching to a Zero Trust Architecture

The zero trust network model is exactly what the name implies: trust nothing. Whether traffic originates from inside or outside the organisation, a zero trust model will cut off any and all access until the network can make sure that the user trying to gain entry has the necessary authorisation.

The reason why this relatively new security framework has been proven to work so well is because instead of simply focusing on the perimeter, it monitors access to internal systems inside the firewall as well. It draws on technologies such as encryption, scoring and file system permissions. This is all tied together by an overarching security policy which gives users the least amount of access they need to accomplish a specific task.

Making Use of Multi-Factor Authentication

As an extension of the zero trust network model, multi-factor authentication is a crucial feature when it comes to securing devices that are operating off-site. This authentication method requires the user to set up two or more verification factors in order to gain access to internal resources. While usernames and passwords alone remain vulnerable to brute force attacks or can be stolen by third parties, the additional levels of security MFA systems mean that attacks can be prevented before they happen.

Education and Training

It is widely known that the number one vulnerability of any security system is to be found at its user base. In order to effectively enforce security protocols, the education and upskilling of the employees is a crucial step towards success. A hybrid or remote setting where the employee has a portable device – personal or company-issued – only heightens the importance of training. This process can be as simple or as elaborate as necessary, however, the first step is making sure that everyone has a clear understanding of all the security protocols that are in place at any given time within the organisation. There are various free and paid-for courses available on the market, but the key to sustained knowledge is repetition. Creating an easily repeatable training course, or even gamifying the learning process will yield the best results over time.

Implementing Assessment Strategies

One of the cornerstones of maintaining an effective cyber resilience strategy is constant evaluation, therefore implementing assessment strategies to identify potential risks within the framework is crucial. This is especially true in a transitional period, such as a change in the organisation’s operating model, when the infrastructure is temporarily vulnerable and therefore the attack surface increases. The type of assessment will depend on the individual needs and resources of the company, but performing it with a regular cadence remains imperative across the board. Certainly, when it comes to remote working, employee devices will be a focal point for the assessment strategy.

As more and more companies opt for a hybrid or even fully remote operating model, rethinking old policies and strategies to fit the evolving needs of the business is an absolute must. While everyone is trying to navigate this transitional period and adjust workflows accordingly, it pays to stay vigilant of the vulnerabilities this might pose from a cybersecurity standpoint and work together with your experts to ensure continued safety for all.

About the Author

Neville Louzado is Head of Sales at Hyve Managed Hosting. As Head of Sales at Hyve Managed Hosting, Neville boasts a demonstrated history of working in the Information Technology Services industry. Skilled in Sales, Managed Public and Private Clouds, VMware, Data Centers, and Virtualization, Neville is a strong sales professional who graduated from Staffordshire University.

Featured image: ©Merla