TANGO Partners Perspective – October 2021
Combating Cybersecurity Challenges in a Hybrid Work Environment
Michael L. Giuffrida
The Covid-19 pandemic has forever transformed the way we work. The transformation has been so drastic, sudden and unexpected that many organizations have yet to upgrade their cybersecurity practices to protect employees who work remotely and on-site.
Nonprofits can experience the best of both worlds when operating in hybrid work environments, providing employees with more flexibility and better work-life balance without sacrificing in-person collaboration. However, the hybrid work model isn’t immediately compatible with old-fashioned cybersecurity strategies. No matter the size of your organization, these work environments are creating brand new cybersecurity challenges because of a rapidly changing threat surface. Organizations that don’t evaluate and adapt their defenses for the era of hybrid work risk experiencing a data breach and suffering costly consequences.
How Do Hybrid Work Environments Foster Opportunities for Cyber Attackers?
When employees work from two separate locations, they often use two sets of work devices, increasing the opportunities for attackers to engage in nefarious behavior. Cybercriminals can easily take advantage of human psychology and stress-related pandemic issues. In 2020 alone, ransomware attacks increased seven-fold (Source). Here are some prominent cybersecurity risks associated with the hybrid work model:
- Unsecured home networks: Many employees don’t understand network security beyond the basics like securing a home Wi-Fi network with a password. They typically aren’t aware of how strong the password should be, and they are also not aware of different Wi-Fi security standards.
- Increased susceptibility to phishing attacks: Phishers prey on the fact that employees working from remote locations are more likely to be distracted or have their guard down. They are also aware that remote workers can’t simply ask the nearest colleague for a second opinion on a suspicious email, which only motivates them to launch more targeted phishing attacks.
- Unpatched Devices: Unpatched devices create a massive cybersecurity problem, as they are vulnerable to known exploits, which cybercriminals can take advantage of. Employees often don’t recognize how important patching devices is, and may frequently ignore updates because they don’t want to restart their devices.
- The proliferation of shadow IT: The phrase “shadow IT” refers to the use of IT systems, devices, software, applications and services, without explicit IT department approval. The hybrid work model fosters the perfect breeding ground for shadow IT by offering employees the freedom to customize their home work environment.
How to Protect Your Organization from Emerging Cybersecurity Challenges
For many organizations, it makes business sense to commit to the hybrid workplace for the long term. Due to the inherent risks associated with the hybrid work model, non-profits need to adjust their cybersecurity strategies in order to keep dangerous cyber threats at bay. It’s critical to determine what your updated risk profile looks like and invest in the right technology to address individual needs and new vulnerabilities. Here’s a look at some of the biggest priorities when establishing your new strategy.
Develop Enhanced Cybersecurity Policies
Developing a robust cybersecurity policy and ensuring all employees in the organization are fully briefed and on board is a major priority. Successful cybersecurity depends on users being aware of how and where cybercriminals can attack, and what leaves them, and their devices, open to attack. It’s critical to educate employees on the value of staying aware of the danger, and how to mitigate it, including identifying and responding appropriately to social engineering and phishing attempts.
Consider incorporating the following into your cybersecurity policy:
- Acceptable use policy
- Encrypted data policy
- Network authentication and access policy
- Multi-Factor Authentication (MFA) policy
- Password policy
- Screen lock policy
- Clean Desk Policy
- Remote Access Policy
Commit to Ongoing Cybersecurity Awareness Training
Organizations that invest in cybersecurity awareness training aim to prevent their employees from being the weakest link in the cybersecurity chain by re-educating them on best practices and teaching them to recognize common threats like spam, phishing, and ransomware.
Empower Hybrid Workers with the Right Technology
The hybrid work model introduces unique challenges, which arise from the blurry network perimeter created by employees using a mix of work and personal devices from multiple locations. Be proactive and establish a comprehensive cybersecurity program which includes:
- Multi-Factor Authentication
  - Email, Login, VPN, Applications
- Virtual Private Network (VPN)
  - SSL VPN Client
  - Firewall at home with Point-to-Point VPN
- Endpoint-based Web Filtering
- Next Generation Anti-Virus
- Advanced Threat Detection
- Segregating Wi-Fi Networks
  - Personal, work, IoT
Important Lessons for the Hybrid Work Environment
Organizations of all sizes need to secure their endpoints wherever they are located. It’s important for employees to take some part in securing the organization’s data, as well, which means they must be properly trained to do so. Take some time to consider what might be appropriate for the location of your organization’s data and apps based upon where your team works. Regardless of where data is stored, you still need to back it up, protect it and secure it.
To learn more about the cybersecurity risks associated with hybrid work, and how companies can effectively protect their networks, cloud services, and endpoints from today’s most devious attackers, contact Kyber Security. Sign up for a complimentary hybrid workforce readiness assessment to gain insight on your organization’s unique situation.