Work Safe. Work Smart.
The quick switch to remote working during the pandemic was a necessity for many office-based companies in order to remain operational. However, both companies and individuals soon realised the benefits of smart working and as a result many have now permanently adopted a mix of office and home working, flexible working it seems is here to stay.
The move to hybrid work — a blended and flexible approach where some employees return to the workplace and others continue to work from home, for all or some of the time, is constantly evolving as organisations attempt to find a balance that suits all, and one that’s cyber secure.
Microsoft’s Work Trend Index found that 66% of employers around the world are redesigning their workplaces to accommodate a hybrid working environment. In fact many companies have already made the switch, including big brands such as Adobe, Amazon, Apple, Facebook, Salesforce, Spotify, Twitter and Verizon.
Hybrid working brings increased security risks
Whilst there are many benefits to hybrid working, there are challenges too, including increased security risks.
Cyber criminals seized the opportunity presented by remote working and the fear of the pandemic. Preying on the vulnerability of home workers, they upped their game, using sophisticated methods to callously exploit people in order to gain access to corporate systems and sensitive data.
Two key opportunities presented themselves to attackers during the rush to home working:
- Firstly, remote users would require access to their organisation’s internal resources at unprecedented levels, causing administrators to open up perimeter security to (in some cases) thousands of individuals rather than a select few. This degradation of perimeter security could be easily exploited in many cases.
- Secondly, workers in many cases were now operating outside of a ‘known good’ environment, using corporate IT on the same home networks as £2 IoT lightbulbs, their children’s school Raspberry Pi project and their partner’s unprotected, un-updated Windows 7 PC. This meant that endpoints must be defended on the LAN with much greater focus than ever before.
As a result the covid-19 pandemic reminded many organisations that preparation is key to mitigate risks, and that the ability to quickly react to unforeseen events helps to reduce the impact of cyber attacks.
With flexible working now the ‘new normal’, remote workers will continue to be a target for cyber criminals, organisations need to be fully aware of the risks that an implementation of hybrid working can cause.
Those that have already benefited from securing their remote working arrangements will obviously be better prepared to face the continued risk of cyber threats. Others are having to completely rethink their cyber security plans.
What we do know for certain is that cyber criminals are always one step ahead, so you can never be too prepared, organisations can’t afford to be complacent in reviewing, testing and improving their cyber strategies.
So how do you plan your cyber strategy for a hybrid workplace?
Here’s the basic steps you should be taking to make smart working more secure:
- Ensure all devices and computers are encrypted and require a secure password to open
- Ensure complex passwords or biometric authentication is enabled for all mobile devices
- Enforce a Bring Your Own Device (BYOD) security policy
- Use two-factor authentication to ensure you know exactly who is accessing your data
- Implement a device management framework to allow tracking, remote wipe or device lock in case of theft or loss
- Use encrypted connections to prevent data leakage over insecure networks
- Keep antivirus services (or better still – EDR) and all software and firmware up-to-date
- Provide all staff with the cyber security education and awareness
- Implement solutions such as monitoring software for data leak prevention
- Replace home routers and low / end firewalls for key workers.
- Design, implement and test solutions for remote worker access to the organisation’s resources. Examples include virtual desktop, always-on VPN, application proxies and many more. Contact us if you’re unsure which one works for you.
For more information see our remote working guide: How prepared is your business for prolonged working?
Hybrid working calls for hybrid security solutions
A Managed Security Service Provider (MSSP) and cyber security consultancy, such as ourselves, is best placed to tailor cyber security solutions for organisations wishing to implement hybrid working.
We bring together cutting-edge managed cyber security solutions, such as firewalls, EDR, MDR, SIEM and NAC, with the latest cyber technology, industry best practice and advanced cyber security expertise.
We have strong and established partnerships with leading cyber security product vendors. As a Fortinet UK Partner of Excellence, and the UK’s first Fortinet dedicated expert level MSSP, can bring you the next generation of Fortinet products as part of your tailored cyber security solution, including firewalls, network access control and SIEM platforms.
Based on your locations, and the applications, data and devices you wish to access, we can devise, implement and even manage a “work-from-anywhere” cybersecurity solution that fits the unique needs of your organisation.
Supporting various types of remote workers necessitates the use of both security and management tools that can operate at scale. The following Fortinet technologies enable business continuity for a remote workforce:
- FortiGate – All VPN tunnels from the field are routed through this channel.
- FortiClient – The FortiClient Fabric Agent’s endpoint management system.
- FortiAuthenticator verifies the FortiTokens that are used by all remote workers.
- FortiManager authenticates all remote workers’ FortiTokens.
- FortiAnalyzer is a network reporting and analysis tool.
- FortiCASB manages cloud-based application access.
If you are looking for trusted advice on managing your organisations’ security strategy, our team of experts are ready to help, get in touch to find out more.