Before 2020, 75% of U.S. employees never worked remotely, and only 6% worked from home exclusively. When the pandemic forced millions of businesses to reevaluate their work environments, IT teams quickly pivoted to accommodate the now huge number of employees working from home. Because so few companies were supporting a remote workforce at the time, there was no infrastructure in place to ensure data protection and to support and secure the multitude of new endpoints. Security quickly became an issue as pandemic-themed phishing and ransomware attacks exploited the wealth of new vulnerabilities. In the early days of the pandemic, hackers took advantage of distracted employees who were desperate for answers and reassurance, targeting them with malicious emails disguised as public health information. Additionally, a shortage of laptops and other office equipment employees needed to set up effective home offices led many people to share devices with family members and access company files and applications on poorly secured home internet networks. These security worst practices further broadened organizations’ attack surfaces, leading to a significant increase in data breaches and other security events.
The Hybrid Office Model Presents a New Set of Challenges for IT
Several high-profile companies, such as Twitter and Slack, are choosing to make remote work permanent. However, as COVID-19 case numbers decline, others, including Salesforce, are beginning to bring workers back on-site, at least part-time. This hybrid work model sounds like the best of both worlds on the surface, but if you dig deeper, there are several not insignificant challenges for IT teams trying to support this type of environment. The first issue is that a hybrid workplace literally (and I do mean literally) makes security a moving target. With employees requiring remote access to the company network on a broad array of devices and from every imaginable location, there is no practical way to set up a security perimeter. This brings up the next issue: IT now has to protect both in-house and remote work environments and allow employees to move fluidly between them. This requires IT teams to create two robust security strategies and ensure they play well together. During the past few years, IT infrastructure has become increasingly complex. And as businesses of every size have become painfully aware, increased infrastructure complexity equals increased attack surface. Supporting a hybrid work environment adds to the complexity because employees now need networking, backup/storage, telecommunications, and AV technology that works seamlessly whether you are in the office, in a coffee shop, or in your car.
Data Protection for a Hybrid Office
The prospect of supporting and securing a hybrid work environment may seem daunting, but with smart planning and a proactive security strategy, you don’t have to be a sitting duck. Here are six best practices IT teams can adopt to keep sensitive data secure during the transition to a hybrid work environment:
1. Dedicate a security team.
If your budget allows, hire or assign IT staff members to focus only on security. If your budget doesn’t allow it, consider finding a managed IT services partner you trust to handle security for you.
2. Increase employee awareness training.
With the proper training, employees in other departments can become an extension of IT. Arm them with the knowledge they need to avoid phishing scams, especially those targeting workers returning to the office; identify bad links and malicious email attachments; recognize common threats and how they get in; and raise the alarm if they make a mistake.
3. Enforce cybersecurity policies.
All the security policies in the world won’t protect your data if you don’t enforce them. To be effective, your policies should define roles and responsibilities for all staff and stakeholders and provide documented rules for your company’s high-priority security practices. Each company’s policy will differ based on business type and compliance requirements, but at a minimum, your cybersecurity policies should address email encryption, remote access, password creation and security, social media practices, and device usage.
4. Segment the network.
If a hacker infiltrates the network through an intern’s email, they should not be able to access the company’s most mission-critical data. Segmenting the network keeps your most valuable assets and information away from less-important applications and files so hackers are limited in what data they can access and potentially steal or encrypt. With VPN and RDP topping the list of favorite ransomware attack vectors, I also recommend creating a separate VPN for employees working remotely to minimize data access in the event of a breach.
5. Keep software and patches up to date.
Keeping patches and software updates current is one of the most effective ways to prevent a data breach. Yet many IT teams put off these important updates, leaving the organization open to a cyberattack. Automating updates can help alleviate some of the pressure on IT to get it all done, but it is crucial to ensure patches are installed promptly on all devices with access to the company network and that all updates are kept current, even if it must be done manually.
6. Update business continuity and disaster recovery plans.
If your organization is moving to a hybrid work environment, it is critical to review the business continuity and disaster recovery plans and update them immediately to incorporate the differences in operations and IT processes and policies. An outdated business continuity plan could spell disaster if a cyberattack, weather event or other unplanned disruption knocked out your systems. Investing in an integrated cybersecurity and data protection solution can also help mitigate some of the risks when included as part of a comprehensive business continuity and disaster recovery strategy. These all-in-one solutions identify and neutralize threats and keep backups secured and out of harm’s way. As businesses navigate what comes next, IT professionals must adapt to the changing face of the workplace and create data protection strategies that are up to the challenge. Download “The Essential Work from Home Guide” to learn more about how to secure data when the traditional security perimeter no longer exists.