The security implications of hybrid working

COVID-19 has changed the way we work, making remote working more accessible and acceptable to all. As a result, businesses are likely to permit a hybrid of office and home working going forward but what are the security implications of such an arrangement? As an IT professional responsible for your company’s network security, it is your job to know these and do what’s needed to stay protected. Here’s our perspective to get you on your way.

‍

Use of the home network and VPNs

It’s safe to assume that the networks your colleagues will be using at home will lack the security protections your office infrastructure has in place. This means a cybercriminal may be able to infiltrate a workstation via a network ingress that isn’t managed by the organisation.  

For a company of hundreds of employees, there is no way your IT security team can secure each and every home network; the responsibility has to lie with the employees themselves. You can help them however by providing them with clear communication (and reminders) on how to keep their antivirus or anti-spyware software up to date.

Home networks are also commonly linked to the cloud where files are stored remotely. So, it’s important that a remote worker keeps their cloud services separate from those used by the company. That way, if a cybercriminal breaches one of the accounts, they don’t have immediate access to the company’s data too.

‍

Use of home devices

According to research from Gartner, 55% of people are using personally owned smartphone or laptop devices for their work at least some of the time. A study from M3 found that this is causing concerns for businesses with 72% worried about malware, 59% worried about unauthorised user access and 68% anxious about file sharing.

If you’re allowing your employees to use their own devices for work, make sure that they know to lock down the device when not in use (and not share their password with anyone), and ensure that no unauthorised apps can be downloaded onto it. In most cases, an organisation will use a mobile device management (MDM) solution to help with enforcing security policies on personal devices.

‍

Keeping track of remote working

With more employees working from different locations, it’s likely to be more difficult to monitor who is accessing the network, as well as what they’re accessing and why. Work with team leaders and HR to establish who should or does have remote access privileges, where they are likely to work from and which use their own devices. This will enable you to build a thorough monitoring system for remote workers.

In addition to this, we recommend updating your remote working policy. This should include detailed guidance on creating and maintaining strong passwords, best practice for internet browsing at work, how to store devices securely, as well as what to do if a device or files go missing. It should also present rules around the access of company information and files in public places such as cafes or trains, as they could be viewed by other people. Finally, think about the other methods staff may wish to use to send or save information such as USB sticks or third party transfer tools such as WeTransfer. Rather than simply telling staff what not to do; give them ways to do what they need to, in a safe and controlled way.  

‍

Third party apps

The rise in remote working has been great news for communication and collaboration apps such as Microsoft Teams, Slack and Zoom. One of their “pros” is that they can be accessed across any device but, if not properly secured, this could lead to sensitive information falling into the wrong hands.  

‍

More vulnerabilities, more work?

Hopefully your scanners will do their job to identify the new vulnerabilities this hybrid of office and remote working will bring but how will you manage the increase in workload to prioritise and remediate them all? Thankfully there is a straightforward solution to this in the form of RankedRight. Simply set rules for how you’d like the system to rank vulnerabilities and who they should be assigned to and the system will take over the painful and laborious task of manual triage for you. This will enable you to have a greater understanding of which vulnerabilities are most critical and tackle them first.

‍

In conclusion, a blend of remote and office working looks like it’s here to stay, much to the delight of HR, Finance and workers themselves. There will of course be many security implications which is why it’s important to take necessary action now to keep your business protected.