Two years ago, the Covid-19 pandemic forced millions of workers across the globe into remote working and turned the way we work on its head. Prior to the pandemic, flexible or remote working arrangements had been the exception in most organisations – yet overnight it became the norm.
Since then, you couldn’t move for endless (and varied) commentary about the ‘future of work’ – with predictions ranging from the complete abolition of offices, collapse of co-working spaces through to the return of full time office presence. Two years on and we’ve settled on a more middle ground – hybrid work.
The New Normal
As lockdown restrictions ease across the globe, we’ve witnessed many different approaches to hybrid working – whether a formal company policy, or a ‘choose how you work’ model. However, no matter the approach, one thing remains clear – flexibility is here to stay.
There have been many studies that reinforce this – and all of them put the onus on the employer. Global research from The Adecco Group found that 40% of workers are considering moving to jobs with more flexible options, 80% of employees said they’d be more loyal to their employer if they provided flexible working options according to Flexjobs, and the Gartner 2021 Digital Worker Experience Survey found that 43% said that flexible working hours helped them be more productive.
The benefits of a more hybrid model of working is therefore clear and resound – yet, as with any new trend, it brings with it a fresh and unique set of challenges from a security perspective.
Security Challenges of Hybrid Working
Risks in the connected home
IoT devices continue to grow in popularity – whether it’s smart assistants, fridges, doorbells, or thermostats. While they seem unconnected to working life, these devices create more entry points for cyber criminals. If a cybercriminal can hack a smart device (which aren’t always designed with safety in mind), they gain entry to any other device on the same network – including corporate devices. Luckily, many manufacturers are now taking IoT security a lot more seriously and adopting a security by design approach. For consumers, device security starts and ends with the router, and recent research which revealed that one in 16 home Wi-Fi routers still supports the manufacturer’s default admin password should be a cause for concern.
Trusted remote access and cloud transformation
To mitigate against insecure home networks and devices pre-pandemic, many organizations would have systems in place to secure corporate devices outside of the office. However, many of these legacy on-premises solutions were not designed to accommodate for large numbers of personnel working remotely – nor were Enterprise VPN services. While this presented an initial scalability challenge when lockdowns were first enforced, this continues to be of vital importance. Whether at home or in the office, employees need secure access to company files and applications, and most organisations are turning to cloud access management and authentication solutions. This has increased the speed at which operations and security technologies are being moved to the cloud, and the need for trusted cloud environments.
Public Wi-Fi concerns
Remote working doesn’t just mean home working. The rise of ‘third spaces’ is a trend to be aware of – whereby workers are flocking to cafes, libraries and even pubs. Those that flock to these locations, often when offices aren’t open or available to them, claim they get a buzz and sense of community that they just can’t get when working from home. However, despite the productivity gains – it could be opening up company data to a whole host of risks.
A lot of these environments have open and public Wi-Fi networks. These networks are easy and convenient for those looking to log on, however they carry risks. Any device connected to public Wi-Fi is visible to anyone else on the network. Organisations might not be a position to dictate where an employee works when they are remote, but provision of VPNs, multi-factor authentication, access management solutions and education on the risks of public Wi-Fi is encouraged in this new hybrid working era.
The rise of consumer collaboration tools
The pandemic forced us all to change how we collaborate. You could no longer walk over to a teammate to discuss feedback on a piece of work, or head into a meeting room to talk about company confidential updates; everything had to take place virtually. Tools like Zoom, Slack and Asana are just a handful of the tools businesses turned to day to day collaboration, and we’ve previously discussed the growth of consumer platforms being used for messaging and collaborating. The danger with some of these tools – many are not secure and are prime targets for cyber-attacks. This informative article from TechTarget provides an in-depth overview on collaboration tool security.
Work -Life ‘Blurrance’
As the lines between home and working environments started to blur – so did attitudes to corporate device security. There are many studies on this, but one that caught our attention was this one from Avast which found that, a third of SMBs in the UK are connecting to corporate networks using personal devices that do not have any security controls in place. Over a quarter of employees admitted that they had connected a personal computer to a company network, and 15% had connected a personal smartphone. Of those who did this, many didn’t get permission to do so.
People don’t do this because they don’t care about security but rather they’re just looking to do their jobs with the tools at their disposal. Home working has made logistics for getting corporate IT and mobile devices to employees more complicated. It’s of paramount importance that employees’ connection is
reliable and easy to set up even in a complex logistics context. This way they can connect their devices easily and securely when they first turn them on.
Two Years On
Our recent Data Threat Report revealed that navigating these various challenges continues to plague businesses. After two full years since the pandemic started, 79% are still concerned about the security risks and threats that posed by remote working.
Flexible working will continue to dominate, as will the security risks that come with it.