After a year and a half of working from home, companies have started calling their employees back into their offices. However, as the COVID-19 Delta variant continues to spread, many companies are expecting to see a hybrid workforce model emerge as the new normal. Uber, Citigroup and Qualtrics, for example, have each issued employee schedules calling for three days a week in the office, although many workers would prefer more time away.
But while a hybrid work schedule may be beneficial for many employees, IT leaders will have to navigate a minefield of potential security risks. Among those worrisome practices are sending company files to personal email accounts for printing at home, sharing company information on personal email accounts and the use of public Wi-Fi stations.
The predictable result, as documented in the Verizon May 2021 Data Breach Investigations report, is that attacks against cloud-based email, remote desktop applications and similar technologies designed to assist with remote work all increased over 2020.
Security doesn’t get any easier with some workers returning to the office, others staying home and quite a few doing a bit of both. That’s because the office, which was once the company’s security standard, is often full of devices that have been sitting idle since early last year. Security patches, which are issued all the time, are important to install at the point they’re published. But a computer that has been turned off for a year, unable to download patches, is a vulnerable device. And there may be dozens or even hundreds of patches waiting in the queue that are needed to bring a device up to par.
There are, not surprisingly, a host of recommendations that experts have offered to help security teams in their work. Educating employees on the threats that people and companies face is one of their top suggestions. A survey from Proofpoint’s State of the Phish report emphasizes the need for a people-centric approach to cybersecurity protections and awareness training that accounts for changing conditions, like those constantly experienced throughout the pandemic. While the survey findings found that 90% of U.S. infosec survey respondents said their workforce shifted to a work-from-home model last year, only 29% said they trained users on safe remote working.
Investing in solutions, including automation tools that relieve teams of manual tasks and solutions that alert them to threats and can prevent security incidents before they happen, are also common pieces of advice. But company executives also play an important role in securing the new normal workplace.
Company leaders will be challenged to create a culture that empowers people to work productively and gives them space to come forward with security issues and errors. They must build a security strategy for a hybrid workforce that doesn’t get in the way of people doing their jobs and involves both IT and security leaders in crafting office reopening plans. They should also make security training into a positive skill—one that builds employee capabilities long-term, arming them with the tools they need to make smart cybersecurity decisions. Beyond these recommendations, I would also offer the following:
A hybrid workforce requires a hybrid approach to security, one that leverages both technology and training to foster an agile strategy. And while the new hybrid work dynamic clearly presents challenges, implementing these elements into your IT security strategy will put you on the path to better managing a complex threat landscape.
Penetration testing, or pen testing for short, is a critical way to protect IT systems and sensitive data from malicious…
Virtual private networks (VPNs) form a staple of the modern work environment. VPNs provide an essential layer of protection for…
Cradlepoint, a unit of Ericsson, today launched a secure access service edge (SASE) platform for branch offices using 5G wireless…
Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results…
What is the CCPA, the California Consumer Privacy Act? CCPA, or the California Consumer Privacy Act, is a law in…
Authors/Presenters: *Federico Cernera, Massimo La Morgia, Alessandro Mei, and Francesco Sassi* Many thanks to USENIX for publishing their outstanding USENIX…