As America heads into a new phase of the pandemic—with vaccinations helping the workforce return to the office—nearly 70% of employers expect at least half of their employees to work semi-remotely going forward. That may mean an office full of professionals on self-defined schedules with some in the office every day and others commuting a few days a week or not at all. These scheduling irregularities, and users logging in from virtually anywhere, will continue to invite cybersecurity threats like those we’ve seen over the past year or so.
In the hybrid work model of the near future—the blend of remote and on-site operations along with constant transitioning between locations—business leaders need to keep digital parity in mind. All employees must have secure access to the resources required to do their jobs, no matter their preferred device or location (office, remote or in the field). Ensuring broad equality of access will introduce even more cybersecurity challenges.
Cyber Threats During COVID
It is no secret that remote work over the last year precipitated an increase in cyber attacks. Employees faced a new set of challenges in their off-site workspace, while the use of unsecure networks and personal computers, among other technologies, offered hackers novel entry points. From the earliest days of the pandemic, the FBI reported up to 4,000 new cybersecurity complaints per day, a 400% increase from previous levels.
As we mentioned in a previous blog post, there are many cyber threats associated with remote work, including:
- Hackers stealing employees’ credentials
- Employees keeping work data on personal devices, which may enable hackers to bypass the security safeguards IT departments have in place
- The use of internet-facing infrastructure instead of a company VPN
- The sharing of sensitive files on Slack/Microsoft Teams, email or any other file-sharing software
- Household internet service, laptops and internet of things devices, which can be compromised to exploit corporate activity
While this all may seem overwhelming, it is manageable with a dependable cybersecurity program. And, one positive takeaway is that many companies have finally realized the importance of providing a safe and secure work environment on their employees’ home networks. This is one area that will continue to require attention as we move into a new remote or semi-remote work environment.
The New Challenges
As the workplace paradigm shifts into the hybrid work model, security needs to adapt in lock-step with changes to technology and infrastructure. More and more security and IT operations intricacies will emerge alongside a hybrid workforce. Workers will likely move between locations consistently, creating a greater potential for rogue devices, outdated equipment or weak passwords to introduce vulnerabilities. Businesses will continue to face a multitude of security challenges, and inadequate cyber protection will continue to wreak financial and reputational havoc.
Additionally, many businesses will be implementing technologies (like temperature screening, wellness kiosks, heat mapping, crowd control and air filtration systems) to prevent COVID transmissions. While these technologies are great for public health, they could pose security risks.
Setting Up for Success
Whether your employees are in the office or remote – the following four tactics can be utilized to safeguard your company’s infrastructure.
First, ensure all employees company-wide are using a virtual private network (“VPN”). A VPN can be leveraged with remote desktop protocols to secure communication channels between the office and the remote employee. VPNs encrypt all the user’s connection data and are the most practical way to minimize data privacy and security concerns. Alternatives such as zero-trust based virtual desktop infrastructure (“VDI”) are available but are typically more expensive to setup and maintain.
Second, tight security log-ins are of utmost importance. Employees should be required to verify their identities before gaining access to the network. That can be accomplished with a secure VPN, multi-factor authentication/verification codes, geofencing and other enhanced cloud-based security tactics.
Third, conducting regular assessments like penetration testing and vulnerability scans can help identify weak points in the organization, which can be proactively remediated before they cause a bigger issue. In light of the recent changes in most workplaces, regular audits can test your infrastructure to ensure security measures are working as they should and that your employees are following proper procedures.
Finally, because companies are only as secure as their weakest employee, educating your users is one of the most important elements of company security. Ongoing security training will keep your staff updated on the latest threats (phishing, ransomware, etc.) and how to avoid them. Instilling security risk management best practices can be a strong counter-threat strategy.
Managed Detection & Response
In a hybrid workplace, you need tools and technology to uncover anomalies and expose potential threats specific to your users and their activity.
There’s no time like the present to call on cybersecurity experts to detect and respond to cybersecurity threats. A robust detection and response program should include:
- 24x7 monitoring, alerts and detection for known and zero-day threats
- Containment of incidents before they can spread and impact others
- Easy to deploy sensors providing the latest and greatest countermeasures available
- Simplified alerting and actionable threat intelligence
- Expert analysts providing support and response assistance for each incident
- Machine learning/AI-backed engines with constantly updated threat protection
Between managing internal communication systems and powering new public health technology, businesses moving into this new era of work have enough on their plates. Worrying about evolving cyber threats shouldn’t have to be an internal responsibility. Hiring a cybersecurity firm is an effective way to constantly monitor data and network traffic across employee systems and remove any potential threats that arise.
CyZen, powered by Friedman LLP, is a full-service Managed Security Service Provider. We have the capabilities to close the gaps on cyber vulnerabilities associated with hybrid work environments and implement the safeguards your organization needs to succeed. We have the consulting experience and technologies to both 1) enable effective preventative programs and 2) discover and stop breaches before they do damage. Our security solutions cover monitoring services, , security training and risk assessment/audits. Contact us today to see how our services can benefit you.
Subscribe to our blogSign Up
Message Us 212.842.7005
Sign up for Our Blog!
* All fields are required