Modern Digital Business | DocuWare Blog

How to Avoid Security Risks in the Age of the Hybrid Workforce

Written by Joan Honig | Mar 2, 2023
Hybrid work has been an integral part of working life for more than three years now. Whether in the office, from home or on the go, the flexibility gained is arguably one of the most lasting and more positive consequences of the Covid-19 pandemic. Nevertheless, some companies still have not adapted their processes and systems to the new standard. This is especially true when it comes to cybersecurity. There is a lot of catching up to do. If teams no longer work exclusively in the office within the protected corporate network, this not only increases the risk of cyberattacks, but also the support effort for IT.  
 
According to a recent McKinsey survey of 25,000 American workers, 58% of them have been offered the opportunity to work from home at least one day per week. Thirty-five percent of respondents reported that they can work from home full time. 
 

No business is exempt

In a recent interview on the blog Safety Detectives, Markus Koelmans, VP of Engineering at DocuWare, notes that prominent companies like T-Mobile and Capital One are also vulnerable to cyberattacks. “They are hugely successful businesses, yet both fell prey to hackers, which led to customer information being compromised,” he says.

 

Koelmans also points to the recent attack on Danish State Railways (DSB), which is the largest train operator in Denmark and Scandinavia. “The DSB network came to a screeching halt due to a cyberattack on a subcontractor that provides a critical app for train conductors,” he notes. “This is a valuable lesson to us all – we often focus so much on our own security but are remiss about checking the security practices of the businesses we subcontract with.”


Common work-from-home security risks

 
Hybrid work models represent a major challenge for IT security. Traditional security measures weren’t built to safeguard work-from-home (WFH) employees. Here are some of today’s most common security risks.
1.  Unsecured networks 
While office networks have highly complex security measures, the situation is different in a home network. If it is unsecured or if a laptop connects to a public Wi-Fi network in a café, for example, without sufficient security measures, data is sent in an unencrypted format. This allows cybercriminals to access sensitive information and passwords with ease. 
2.  Phishing and ransomware  
Hybrid work models increase dependence on digital communication tools. For cybercriminals, this provides the optimal conditions for phishing or ransomware attacks. Phishing aims to obtain private sensitive information such as passwords or credit card details and can be done via fraudulent email (spoofing), instant messaging, text messaging (smishing), or voice phishing (vishing).
 
Ransomware refers to malicious programs that encrypt documents or entire systems, or otherwise lock users out of their own data. Hackers can then demand high sums for decryption. As a rule, these attacks are carried out with Trojans, a type of malware that disguises itself as legitimate code or software, smuggled into the system via a previous phishing attack.
 
3.  Bring your own device (BYOD) 
If employees access company data with private smartphones or tablets, hackers often have an easy job. These devices are often operated in insecure environments, and private and business data can be mixed. As a result, IT's security precautions are not effective, and IT has no control over users' private data and apps - for data protection reasons alone. However, companies must ensure that security measures can still be complied with, especially when employees use applications such as Facebook or WhatsApp on end devices that are also used for business purposes. 
 

How to protect your business against these security risks 

 
Use a VPN: It protects privacy by creating a self-contained network used for encrypted or anonymous communication and transmission of data via the internet. 

Zero Trust meets Zero Touch: The combination of Zero Trust plus Zero Touch security may eventually augment or replace VPNs because it provides per-session access to a specific function rather than access to the entire network. With Zero Trust, every login attempt is initially classified with a trust value of zero. Multiple authentication factors are required for a user to gain access to the corporate network. A continuous security risk assessment takes place in the background.
 
Zero Touch complements Zero Trust because it involves automating authentication processes to minimize human interaction points. With Zero Touch, authentication is effortless for the user. Employees are thus less inclined to seek shortcuts or workarounds. This allows them to perform confidential tasks without interruption from security-related applications. If suspicious activity does occur, trust in the system must be gained or restored using a minimally intrusive scan. The result: the corporate infrastructure is continuously secured while employees can continue to work from anywhere.
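A minimal sketch of the per-session, per-function decision described above, as an added example that is not DocuWare's code or any product's API. The signal names, weights, thresholds and function names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy values (assumptions, not from any product).
SIGNAL_WEIGHTS = {"password": 30, "hardware_key": 40,
                  "managed_device": 20, "known_location": 10}
# Zero Touch: signals that can be verified without user interaction.
SILENT_SIGNALS = {"managed_device", "known_location"}
# Access is granted per function, never to "the network" as a whole.
REQUIRED_TRUST = {"read_calendar": 30, "view_invoices": 60, "approve_payment": 90}


@dataclass
class Session:
    user: str
    signals: set = field(default_factory=set)  # signals verified so far

    def trust(self) -> int:
        # Zero Trust: a session with nothing verified scores zero.
        return sum(SIGNAL_WEIGHTS[s] for s in self.signals)


def report_anomaly(session: Session) -> None:
    """Continuous assessment hook: suspicious activity voids earned trust."""
    session.signals.clear()


def authorize(session: Session, function: str):
    """Return (decision, signals_to_collect) for one request."""
    if function not in REQUIRED_TRUST:
        return ("deny", [])  # unknown function: default deny
    gap = REQUIRED_TRUST[function] - session.trust()
    if gap <= 0:
        return ("allow", [])
    # Step-up: try silent checks first, then the strongest interactive factor,
    # so the user is interrupted as little as possible.
    missing = sorted(set(SIGNAL_WEIGHTS) - session.signals,
                     key=lambda s: (s not in SILENT_SIGNALS, -SIGNAL_WEIGHTS[s]))
    needed = []
    for signal in missing:
        if gap <= 0:
            break
        needed.append(signal)
        gap -= SIGNAL_WEIGHTS[signal]
    return ("step_up", needed) if gap <= 0 else ("deny", [])
```

A low-risk function can be unlocked by silent device and location checks alone, while a sensitive one forces an interactive factor, and an anomaly sends the session back to zero.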
 
Don’t neglect basic security precautions: Mandate that employees use complex, unique passwords and that anti-virus software, a strong firewall and firmware protection are in place.
 
Create a data breach policy: This helps employees know how to respond to the loss or theft of company data. They need to learn what constitutes a data breach, how to recognize one, and what action to take. The definition of a “data breach” differs between countries and regions. So, if your company does business internationally, make sure your employees know what constitutes a breach in their local market so they can take the right steps to address the issue.
 
Update your privacy policy: Incorporate guidelines for new ways of accessing or processing personal information, such as conducting meetings on new video conferencing platforms like Zoom.
  
Establish best practices for the use of mobile devices: Separate areas (containers) are recommended to partition personal and company data and applications. Employees can use these to access all essential office functions such as email, calendar, contacts or company resources. IT, in turn, has the advantage of being able to remotely delete the container data if the device is lost or stolen.
  
Update all software regularly: Outdated software is an area of vulnerability that hackers can prey on.  System updates and upgrades are done to optimize the usability or design of a program and to add new security features.  
 
Use secure document archiving: Secure access and storage of business documents such as invoices, contracts or personnel files must be possible from anywhere. Software supports you in this. The right solution has user authentication, HTTPS data transfer, 256-bit encryption, multi-level access control and traceability, and robust protection against malware and other forms of attack, among other features.
 
Educate employees: It doesn’t matter how stringent your internal security model is if cybercriminals can exploit your employees' ignorance or carelessness, be it the use of insecure passwords, carelessly opening dangerous email attachments or visiting unsafe websites. Relying only on technical security measures but forgetting the human factor in the equation means you could miss some gaping security holes.
 
Developing knowledgeable employees is an integral part of the effort to improve cybersecurity. E-learning and virtual training courses can make learning a flexible and location-independent part of everyday work.
 
Better safe than sorry: If an incident does occur, quick action is required to limit and quickly repair the damage. It is better to report potential anomalies too often than not often enough.  

The bottom line 

Always remember, even if all security protocols are followed, cybercriminals have the potential to overcome them. So, make sure you have a comprehensive backup and disaster recovery solution in place so that even in an emergency, productivity and business continuity are not compromised.
 
In our hybrid working world, which is shifting more and more into the digital space, security risks are more prevalent than ever before. So, stay vigilant, adapt your IT infrastructure to these realities and train your employees. That way, your security will be just as effective as it was when most of your staff worked at the office.