Feb 17, 2022

Security tips for a secure and hybrid work environment

In recent years, we have all got used to hybrid working. We are more mobile and working more remotely than ever. You hardly ever come across a private desk in the office anymore. We prefer to work in the cloud and through digital applications like Office 365. For many this is a productive way of working, however it can also bring risks to an organisation. One of those risks is security. How do you make sure that your employees in the office, at home and on the road handle sensitive company data safely?

At the start of the coronavirus crisis, many organisations experienced security breaches. In many cases, this was because they were not properly prepared for a hybrid working environment. A study by IBM shows that between August 2019 and August 2020, there were more than 500 cybersecurity breaches. On average, each breach cost $3.86 million and took nearly 300 days to identify and manage*. Even now, more than a year later, many organisations have not sufficiently adapted their IT environments to a hybrid work environment.  

Commit to security awareness 

A primary factor that plays a crucial role in securing your organisation's data are the employees within your organisation. Although they are often overlooked in security measures, employee security awareness is extremely important. Do your colleagues know what role they play in data security? An IBM report states that approximately 95% of IT security breaches are the result of human error, yet many employees are still unaware of these findings. This highlights why it is important to emphasise security awareness.How can you do this? Make sure employees are aware of current cyber threats, such as phishing. You can do this, for example, through security awareness simulations, workshops or courses. At Bechtle, we can help you train your staff in data security. 

Zero Trust Network Access 

Besides well-informed employees, you also need IT solutions that will help you secure your company's data. A simple solution could be ensuring that your home workers use Zero Trust Network Access (ZTNA) . ZTNA can be described as an extended VPN, and ensures that you can connect securely to the company network from any location. By default, a home network is not encrypted by default, which is essential if you want to protect your corporate data. ZTNA is based on the principle that nothing and nobody can be trusted. 

With each login attempt, the user must re-authenticate via multifactor authentication (MFA), regardless of location or device. This means that a password only is not sufficient, and an additional method of identification must be used. This is usually a code sent by SMS to the user's mobile device, or a code displayed on an app.  

With ZTNA, only authorised users have access to specific applications. Users do not have access to the corporate network, unlike with a VPN. VPN trusts everyone on the network. So if someone ever gains unwanted access to the corporate network, that person has free access to all the data. With a zero-trust network, you can also set up location- or device-specific access control policies. 

 

Prevent shadow IT

Using hardware or software that is not aligned with IT can result in data breaches. For example, private laptops that are linked to the company network, or the use of personal Google Docs. This is known as Shadow IT. Shadow IT mainly comes from employee dissatisfaction with the limitations of the corporate IT infrastructure.

Dissatisfied employees turn to their own user-friendly resources. About 80% of employees admit to using SaaS solutions not approved by the IT department in the workplace**. Unfortunately, there is no one-size-fits-all solution to this. But you can ask yourself, "Am I providing the ideal way of working for my employees?". If you take away the dissatisfaction of your employees and provide them with the right tools to do their job, they will have an improved user experience and will lose the need to look for alternatives. 

 

Use zero touch deployment  

As an organisation, do you want to be more in control of your data security? If the answer is yes, you need to start using zero touch deployment. This has many advantages when it comes to security and the risk of human error is eliminated. For example, you can configure devices in advance, control both security and network settings, and enforce new passwords. If something does go wrong, a device can be remotely locked, and the data deleted. 

Zero touch deployment is used, for example, in a Device as a Service solution. With Device as a Service, you pay a fixed amount per user, per month for hardware and services. With zero touch deployment, the devices are delivered to the end users home, ready to be used and preconfigured. Read more about zero touch deployment here. 

Conclusion

Security risks in hybrid work are manageable if you set up your IT correctly. There are several options to ensure that your sensitive business data remains secure. Would you like to know which solutions are best for your organisation? Feel free to contact one of our specialists. 

Share this page

This post was published on Feb 17, 2022.