Businesses across Europe and around the world have long settled into hybrid working practices. Even traditional, “5 days on-site” companies are having to make some concessions towards flexibility in the workplace. While many are valuing the benefits of the ‘new normal’, businesses have been facing a number of new challenges as a result of the increasingly mobile workforce. None, however, are as concerning as the increasing threat to cyber security.
The widespread use of personal devices and unprotected internet networks as people work from wherever they may be, has significantly widened the attack surface for businesses. Ensuring employees are utilising high-quality and secure internet connection is about more than preventing patchy Zoom calls; the reality of using a personal laptop on an unsecured network presents significant risks that could severely compromise a business if breached.
IT managers today are faced with unprecedented challenges. Not only are they responsible for reviewing and securing office networks and endpoints, IT leads also need to ensure that employees understand how to protect their respective home offices and other places they may work from. As the overwhelming majority of successful breaches are the result of human error, it’s critical that the fundamentals of security are not overlooked.
As such, we invite business owners to look ahead to their next IT security check-up by highlighting the basic areas to consider to ensure systems are as secure as possible.
1. Adapt security practices for hybrid setups
Cyber security was a top concern for businesses even before the pandemic, albeit an easier one to navigate when teams were usually in one place. Trying to secure disparate workforces presents complications to security practices, given that employees no longer benefit from the use of only one network and a more unified approach to security. Given this, it is essential for both leadership and IT teams to develop updated security policies that reflect the reality of hybrid working.
While IT managers should assess a range of collaboration security tools and platforms, a few examples of recommended security practices to suit hybrid working includes strengthening endpoint security, adopting software-defined perimeter/zero-trust network access and enacting collaboration security.
By refreshing protocols and best practices for accessing work servers remotely, management can make positive steps towards implementing and normalising a security-conscious workforce. This ensures employees are not only aware of the vulnerabilities present in everyday working life, but also have a framework in place that guides them to take the necessary precautions, wherever they are.
2. Regular assessment of home and office networks
Reviewing the standard of equipment already in place is a simple step to take as part of your security refresh. Checking the capacity of key equipment – such as routers, IoT, and other devices – is important to spot potential vulnerabilities.
Updating routers to enhance security creates a safer way for people to connect and with plenty of options to choose from, businesses should not hesitate to advise and where possible, equip, employees with the appropriate tools. Consider the latest Wi-Fi 6 to increase network speed, range and ensuring a smooth connection for device-dense homes; 4G/5G routers which offer independent bandwidth from the household’s network, or a VPN router which offers a secure and private connection from home to an office network.
3. Regulate the use of personal devices
Checking and replying to emails from non-work designated smart phones and accessing and sending work documents from personal computers are widely accepted risk-laden behaviours of employees today. While this is sometimes necessary, ideally, employees should not have to rely on their personal devices, as they will not necessarily be set up to cope with business-related cyber threats from important systems updates to using quality firewalls and VPNs.
Although most devices offer notifications reminding users of important updates, IT teams have less oversight of these when it comes to personal computers and mobile devices. What’s more, personal equipment can vary in terms of brand and operating system, making it more difficult for IT teams to keep tabs on employee’s security setup. Likewise, they cannot guarantee that users will even adhere to appropriate time frames prompted by their own computers when it comes to necessary updates and patching. As such, it’s important to understand what personal devices employees are using to access work-related information and place limitations on usage.
4. Communication and accountability are key
Once a new security policy has been developed and implemented, and vulnerabilities presented by existing devices have been addressed, an important consideration is to bring employees up to speed on how they can uphold company security practices, for example, by reporting issues and incoming phishing emails. Each employee must be conscious of their role in safeguarding against risks to the business. It is up to management to educate workforces on the correct approach and check in on them to ensure compliance.
As businesses grapple with striking the right balance between partial return to offices while affording the flexibility of remote working, technology remains a central part of this transition. As companies continues to introduce new infrastructure to keep up with the demands of hybrid working, the importance of upholding robust security practices cannot be overlooked.
To find out more about how D-Link can help improve your businesses’ security, whether at home or in the office, click here.