The COVID-19 global pandemic forced millions of workers to leave their offices and work remotely, creating new cyber security challenges for companies worldwide.
Cyber criminals took notice, causing companies to experience losses due to data breaches IBM estimates that in 2021 a data breach incident costs enterprises $4.24 million on average.
Even though the workforce is returning to offices in varying capacities, research on the new workplace reality indicates that managers are planning for a hybrid working future.
According to Gartner, 82% of business leaders plan to let employees continue to work from home (WFH) in at least some capacity, while 47% plan to allow employees to do so.
Spotify has turned to the work from anywhere (WFA) model to give their employees the option of working from an office or home, and even from a geographic location of their own choice.
An increasing number of workers will access their online work through vulnerable networks, and additional security measures have to be put in place to mitigate the connected risks.
The risks of a hybrid work environment
The switch to remote work left managers dealing with several cyber security threats stemming from unsecured home devices and networks, as well as unprotected internet traffic.
When many employees work from a single location, there is only a need to protect the main network – which is less demanding than protecting as many endpoints as there are employees.
“More employees working from anywhere means more devices connecting remotely, outside of the secured corporate network. As a result, businesses’ control over data is slipping rapidly.”
Building for security and privacy that is normally available in a controlled corporate physical environment with defined physical barriers are routinely obliterated in WFA environments.
And the risks associated with WFH are amplified when the move is made to WFA.
This is because it includes not only our home base but also working on the road at customer locations, airports, coffee shops, and just about anywhere with wired or wireless connections.
“Working from home was a challenge to cybersecurity personnel everywhere, but the growing trend of working from anywhere entails a new set of threats to consider,” adds Gurinaviciute.
“Working from anywhere usually means using unencrypted public wireless networks, which are more susceptible to information being intercepted and malware being distributed.”
“There is an array of ways and approaches in which digital hackers exploit unsecured public networks, and businesses have to adapt their cyber security strategies accordingly.”
Adapting to cyber security protocols
The consequences of poor cybersecurity hygiene while working remotely can include anything from compromised sensitive data to unauthorized access to the organization’s infrastructure.
Secure communications while working remotely can be ensured by the combination of technical solutions and controls with proper employee operations security (OPSEC).
“Typically, when it comes to securing your teleworkers, the first item on the agenda is developing a corporate policy. This policy should outline what’s acceptable in a remote working environment, how data is handled, what levels of authorization are available.”
“Risk-based decisions can also be made depending on the types of devices that employees use for teleworking which vary from company issued devices to personal laptops or smartphones.”
“It is advisable that devices that haven’t been issued specifically by the company should be subject to more stringent controls,” says Gurinaviciute.
Since every remote employee is a potential threat to the integrity of a given company’s data, businesses are shifting their cybersecurity strategies away from the castle-and-moat approach.
Companies assumed safety with a robust, perimeter defense oriented approach to cyber security. Network solutions based on Zero Trust are replacing static defense strategies.
In the Zero Trust framework, the given network is protected by granting users and devices access to only those parts of the network that are essential to their task.
In such a system, every user is authenticated before being allowed to access the data through an encrypted tunnel. Even if a device gets compromised, it can’t cause network-wide damage.
“Zero Trust-based systems enhance cyber security in three key areas secure access, secure browsing, and increased cyber security training opportunities,” adds the NordLayer expert.
“First, a comprehensive security framework of this kind allows the remote employees to safely connect to the company network without putting the whole network at risk.”
“Second, web browsing becomes considerably safer, allowing cybersecurity personnel to ensure employee browsing habits are not potentially harmful to the company.”
“Finally, due to the automated nature of Zero Trust-based systems, managers gain more time to educate their personnel on best cyber security practices, which is crucial because defrauding humans is one of the chief enablers of successful cyber attacks.”