Especially in the beginning of the Corona crisis, many organisations experienced security breaches. This was because they were not properly prepared for a hybrid work environment. A study by IBM shows that between August 2019 and August 2020, there were more than 500 cybersecurity breaches. On average, each breach cost $3.86 million and took nearly 300 days to identify and manage*. Even now, more than a year later, many organisations have not sufficiently adapted their IT environments to a hybrid work environment.

Commit to security awareness.

A primary factor that plays a crucial role in securing your organisation's data are the employees within your organisation. Although they are often overlooked in security measures, employee security awareness is extremely important. Do your colleagues know what role they play in data security? An IBM report states that approximately 95% of IT security breaches are the result of human error. Yet many employees are still unaware of these findings. This highlights why it is important to focus on security awareness.

How can you do this? Make sure employees are aware of current cyber threats, such as phishing. You can do this, for example, through security awareness simulations, workshops or courses. At Bechtle, we can help you train your staff in data security.

Zero Trust Network Access.

Besides well-informed employees, you also need IT solutions that will help you secure your company's data. Have home workers use Zero Trust Network Access, or ZTNA. ZTNA can be described as an extended VPN, and ensures that you can connect securely to the company network from any location. A home network is not encrypted by default, which is essential if you want to protect your corporate data. ZTNA is based on the principle that nothing and nobody can be trusted. With each login attempt, the user must re-authenticate via multifactor authentication (MFA), regardless of location or device. This means that a password only is not sufficient, and an additional method of identification must be used. This is usually a code sent by SMS to the user's mobile device, or a code displayed on an app.

With ZTNA, only authorised users have access to specific applications. Users do not have access to the corporate network, unlike with a VPN. VPN trusts everyone on the network. So if someone ever gains unwanted access to the corporate network, that person has free access to all the data. With a zero-trust network, you can also set up location- or device-specific access control policies.

Prevent shadow IT.

Using hardware or software that is not aligned with IT can result in data breaches. For example, private laptops that are linked to the company network, or the use of personal Google Docs. This is known as Shadow IT. Shadow IT mainly comes from employee dissatisfaction with the limitations of the corporate IT infrastructure. Dissatisfied employees turn to their own user-friendly resources. About 80% of employees admit to using SaaS solutions not approved by the IT department in the workplace**. There is no one-size-fits-all solution to this. But you can ask yourself: Am I facilitating the ideal way of working for my employees? If you take away the dissatisfaction of your employees and provide them with the right tools to do their job, they have no reason to look for alternatives.

Use zero touch deployment.

Do you as an organisation want to be more in control of your data security? Then start using zero touch deployment. This has many advantages when it comes to security and the risk of human error is eliminated. For example, you can configure devices in advance, think of security settings and network settings, and enforce new passwords. If something does go wrong, a device can be remotely locked and deleted. Zero touch deployment is used, for example, in a Device as a Service solution. With Device as a Service, you pay a fixed amount per workplace, per month for hardware and services. With zero touch deployment, the devices are delivered to the end users home, ready to be used and preconfigured. Read more about zero touch deployment here.

Conclusion.

Security risks in hybrid work are manageable if you set up your IT properly. There are several options to ensure that your sensitive business data remains secure. Would you like to know which solutions are best for your organisation? Feel free to contact one of our specialists.