The newfound possibilities of flexible working – from less commuting to a better work-life balance – are now a firm priority for employees. However, the new way of working also brings new risks that companies need to be aware of. The following five tips will help companies protect their employees despite remote work.
According to a Future Forum study, almost 82 percent of respondents in Germany still want flexibility when it comes to the location of their work. For companies, this means they can ill afford to forgo hybrid forms of work. After all, it not only helps to provide a more attractive workplace in the “war for talent,” but ultimately also ensures greater satisfaction, motivation and productivity.
Given the rush to adopt this new way of working, many companies have overlooked one of the biggest challenges: cybersecurity. Criminal actors have taken advantage of this uncertainty and change over the past two years to trick companies and their employees. However, those who follow the following five tips can put a stop to cybercriminals and reap the benefits of the hybrid workplace without compromising their own security.
Tip 1: Know your risks
Online fraud cases have increased by 70 percent during the pandemic as perpetrators take advantage of working from home and relying on online devices more often. From COVID-19 test scams to hacks via QR codes, the first step to increasing security is to acknowledge the various forms and extents of security risks. Security managers must therefore regularly identify new threats and vulnerabilities and implement improved controls. This can ensure that companies stay ahead of the risks.
In addition, it pays to understand the impact of security risks and educate the entire organization on the subject. This can have an impact on more than just the company’s bottom line: research has shown that victims of cybercrime are also emotionally damaged, less happy and more afraid. So security today isn’t just about protecting your technology and finances, it’s also about protecting your employees:inside. When raising your workforce’s awareness of security risks, do so with empathy. Communicate that the security team is supportive and will help if your employee:s have security concerns.
Tip 2: Reduce reliance on email
Email is the primary attack vector that attackers use to gain access to organizations and their employees. One of the most common methods is email spoofing, in which an attacker creates an email that makes it appear to be someone else (often an executive at the company they are targeting).
Attackers add a sense of urgency to their emails by faking the identity of executives so that employees are more willing to take the requested action. CEOs can protect their companies by making alternative communication mechanisms the norm. Companies need leadership and blanket internal communication even within Slack. Just moving some parts of the business into Slack won’t be effective enough to solve this problem.
For both internal and external communications, it’s now easier than ever to change habits and reduce reliance on email. This can be one of the most effective ways to minimize vulnerability to attacks and fraud. In addition, moving communications out of isolated email chains and into tools like channel-based collaboration platforms has the advantage of not only being more secure, but also allowing for easier collaboration with teammates. Moving to channels, which can be created for each project or task and provide a centralized place to share messages, tools and files, can also break down barriers between teams and even enable cross-company conversations.
Tip 3: Empower Your Employees with Tools Fit for Business
Before the pandemic, security was all about building a protective wall. For example, companies had a firewall to protect the base of the enterprise. This was easy to maintain – at least if you assumed that 99 percent of the work was done in the office. As that state of affairs has fundamentally changed over the past two years, IT specialists must now be enabled to bring the same level of security into the workforce’s own four walls.
IT teams must stay ahead of the needs of employees. Otherwise, employees will find their own solution to meet them. This in turn can increase the risk of sensitive information being exposed. And once so-called “shadow IT” is in use, it becomes difficult to get rid of it. In short, when project teams informally fill gaps in their technical equipment by communicating with simple messaging apps, for example, unnecessary security risks are created.
Encryption is a bare minimum for workplace collaboration. Enterprise-grade apps offer additional features, such as enterprise key management and audit logs, that enable IT teams to better protect data and employees. Finally, when working remotely, companies no longer have firewalls that can intercept employee traffic. They must either rely on laptop-based monitoring (which can impact performance) or use SaaS providers that support DLP integrations. For example, using Slack and Slack Connect’s integrated DLP solutions allows monitoring of sensitive information exchanges.
A dedicated partner ecosystem for security and compliance also means that enterprise-grade collaboration platforms can easily connect with security solutions such as Okta or Splunk. Berlin-based fintech Solarisbank, for example, relies on the PagerDuty alerting system to respond quickly, transparently and efficiently to all platform incident alerts.
Tip 4: Strengthen your identity and device management controls
As workers:inside increasingly use private Wi-Fi and devices, it’s time to establish new security baselines. Securing information in a hybrid work environment starts with identity controls. From session duration metrics to two-factor authentication and domain claiming, it’s important for organizations to think twice about how they ensure only the right people have access to corporate information, no matter where they work.
Session management tools, standard browser controls, additional layers of authentication, and the ability to lock down jailbroken or rooted devices are additional safeguards to ensure that only authorized people and approved devices connect to your network.
Tip 5: Change your mindset when it comes to security
Just as the world of work has changed drastically since the early 2020s, so has the security space. IT teams have worked tirelessly to stay ahead of rapidly changing conditions. But new threats, such as the misuse of artificial intelligence, are just beginning to emerge. To help IT teams do their jobs and protect businesses, we need to bring about a shift in thinking about security.
That means formalizing working from home and offering employees and IT teams the same level of protection we would expect in a physical office. It also means better addressing the needs of remote and hybrid employees and providing them with enterprise-grade tools so they don’t have to rely on insecure platforms.
Finally, it means keeping the security of the tech stack top of mind. We need to reduce reliance on legacy tools that provide vulnerabilities to criminal actors, and instead build an ecosystem of enterprise-grade tools to help our organizations improve security. That way, employees can continue to enjoy the benefits of hybrid working while focusing on the tasks that really matter to them – safely and securely.