Secure anywhere:
how to safeguard data
in hybrid workspaces

Cybersecurity has rocketed to the top of business priorities over the last decade as businesses defend against rising cybercrime. Professional hackers are always looking to identify new vulnerabilities to exploit, and the recent leap forward in remote and hybrid working proved to be one such opportunity.

While the trend towards flexible hybrid working has been gaining momentum for some time, the relatively sudden rise in home working driven by the pandemic meant that many organisations were forced to adapt without their usual security protocols. According to research, 90% of executives reported a rise in cybersecurity attacks on their businesses since the onset of the pandemic. The main challenges cited by those surveyed were all linked to remote working and controlling access from new devices and locations.

Now the period of emergency measures has passed, many organisations across EMEA are choosing to retain or further develop a hybrid working model. This presents new challenges to ensure people can work securely yet efficiently across multiple locations such as the company office, a local co-working space, a desk at home or on the go, while travelling to a meeting, for instance. Even organisations that are entirely based in their company office will be part of a chain where other businesses have made changes, which may have a knock-on effect on security.

To adapt to hybrid working successfully, IT teams should prioritise updating their cybersecurity framework to ensure it is robust yet agile. An organisation’s first step should be reviewing business processes and where new vulnerabilities could appear. For example, where employees share information with team members in other locations, are there company-approved tools to do this? Importantly, are people using them?

Research carried out pre-pandemic found nearly three-quarters of employees said they shared information with colleagues, and 60% with people outside the organisation, through file-sharing tools not provided by their company. The main reason for this non-compliance was complexity; staff chose the easiest option.

Devices and platforms used outside the perimeter of the office network may already be more vulnerable to cyberattacks, without humans’ natural inclination to find the simplest route. With this in mind, it’s important to introduce secure centralised document repositories which can be accessed easily and quickly by all employees. Even with this in place, businesses should always be aware of the risk of an accidental breach: how will critical documents be protected? Prepare now to avoid the worst outcome.

Due to the rise of cyberattacks and phishing attempts, which INTERPOL has called ‘alarming’, it’s important to implement training on the basics of security hygiene to avoid phishing attacks and this extends to device authorisation. A 2021 poll found nearly 20 per cent of respondents admitted that their work devices had been used by other members of their household.

It’s also good practice to establish a WiFi policy for people working remotely. Some organisations may wish to obligate users to connect their laptop or workstation to the router with a network cable, or to set up a VPN for use with public networks.

When implementing new security measures, it’s important to adopt secure habits and to ensure users won't be tempted to use workarounds or other platforms because of a laborious security policy. Maximising productivity, efficiency and collaboration are key to successful hybrid working, and imposing too many constraints could push employees to breach company policies in order to achieve these goals.

Conversely, it may be tempting to allow staff to use their own personal devices when working outside of the office. Consumer-grade hardware can be more affordable and quicker to set up with employees able to use technology they are familiar with, but doesn’t offer the same rigorous protection as those designed for business use.

Those developing hybrid working policies should, therefore, set boundaries and guidelines to limit shadow IT. Establish a dialogue with staff around approved devices, apps and software and keep up to date with issues. A solid security infrastructure is essential, but so is the flexibility to account for human behaviour and the evolution of working practices.

Protecting company information obviously goes beyond hardware. Companies adopting a hybrid working environment will likely already be in the process of introducing more digitisation into their workflows to make sure they can operate across locations. However, workflow software designed for businesses usually offer the additional benefit of inbuilt security such as customisable automatic rules about who can access or share the information, protecting documents even when they are moving between locations. Meanwhile, these workflow tools also make it easier to monitor and demonstrate compliance: IT teams can easily manage access, track the movement of data, and identify security vulnerabilities.

It’s important to apply this same rigour to cloud services. As more businesses move to the cloud, more cyberattacks will take place, so it’s essential to invest in the enhanced security protections. However, relying on the cloud – a third-party platform – does not absolve the user of responsibility for securing their data.

Hybrid working, where people and data move across locations, does place more demands on IT professionals. But following a checklist can put things in perspective:

• Ensure devices, email and cloud storage accounts can only be accessed by authorised people
• Monitor events and access via alerts
• Make sure old files are deleted and unused apps disconnected
• Conduct regular audits to minimise potential points of entry for hackers
• Educate employees on the importance of protecting printed documents and portable data devices outside the office

By staying ahead of potential security risks, IT teams can empower their organisations to thrive in the hybrid working era.