The emerging acceptance of hybrid work environments following pandemic-mandated periods of working from home has come as a relief to many. Employees overall show a preference for working remotely at least part of the week, while employers’ fears have been allayed by the lack of disturbance to productivity.
But for one segment of specialists, the hybrid model poses a set of issues that they caution employers must address. The chiefs of information security at companies across Australia are urging employers not to ignore the cyber-security risks of having a partial remote workforce.
Ilan Rubin, CEO of software company Wavelink, noted that the hybrid approach to office life appears to be here to stay, and maintaining a network that’s protected from cyber threats is not only necessary for business security, but an important factor in the duty of care to employees as well.
“The hybrid workforce will be a permanent feature of the Australian and New Zealand business landscape moving forward, so organisations need to understand how to secure their networks and their employees in this new environment,” Mr Rubin said.
“A hybrid workforce means more employees will be working from home networks instead of the traditionally better-secured corporate network. Home networks can be filled with gaps due to connected smart devices that the employee doesn’t even realise are endpoints that could provide cyber criminals with access to the network. Organisations need to minimise this risk by deploying endpoint protection and maintaining that zero-trust network access approach.”
There are three ways businesses should fortify their networks, according to Mr Rubin.
- Reassess budget priorities
Previously, organisations may have planned to spend on network upgrades or on-premises infrastructure, but they may now need to redirect those funds towards elements that support the hybrid environment. This includes cloud adoption, endpoint security or collaboration software.
Mr Rubin said it’s important to develop an architecture that protects users across the local area network (LAN), wide area network (WAN), data centre and cloud edges.
- Re-examine security infrastructure
In a hybrid working environment, there’s a broader threat landscape with more endpoints outside the corporate firewall, giving cyber criminals more potential entry points. Organisations should consider introducing a zero-trust security approach, where no user is trusted and all users are given the least amount of privilege possible. This requires an automated security framework that covers every corner of the network from the office and data centre to the branch office and home office.
- Beware of insider threats
Unfortunately, Mr Rubin noted, people are the weakest link when it comes to cyber security, because human error opens the door to malicious actions. Phishing attacks have become more widespread, with research from Deloitte suggesting that over 90 per cent of cyber attacks begin with a phishing email.
As employees communicate more often via email, clever phishing attempts can easily go undetected, so it’s essential to train the workforce to spot phishing attempts and reinforce the need to double-check with the purported sender of an email before following any instructions in that email or clicking any links.
“Understandably, a lot of organisations rushed to provision employees to work remotely when the pandemic hit. Now is the time to re-examine the security measures that are in place and plug any gaps,” Mr Rubin said.
“This means training employees to spot phishing attacks and taking the right security precautions at all times. Organisations should also make sure they have the right tools in place to protect the distributed network along with back-up data and disaster recovery plans. With all of these elements in place, organisations can protect their hybrid workforces now and into the future.”