Here at Nutbourne, we’ve written previously about the growing trend of hybrid working in a general sense. Today, however, we wanted to knuckle down on the cybersecurity aspect of this working trend. Some workplaces have already committed to a long-term hybrid future, whilst others remain reticent and noncommittal.
There are some that even want to abandon the idea of the hybrid workplace altogether. The head of US bank Morgan Stanley, for instance, said he wanted his employees back in the office by September.
For those firms that are looking to continue with this nascent working methodology, how can they ensure they’re as cyber-secure as they would be with all employees located on one site? Here at Nutbourne, we offer a comprehensive range of cybersecurity solutions in London, and we wanted to go through some of the processes companies might look to implement, moving forward.
Employees are the Weak Link in the Chain
No, we’re not being harsh here, but typically cybersecurity incidents arise first and foremost due to user error. That’s not to say these are ‘stupid’ mistakes – not by any means – it’s just that cyberattacks are becoming increasingly sophisticated and hard to pick out.
Given that cybersecurity professionals still sometimes have a hard time picking out the most advanced fraudulent emails, for example, these mistakes tend not to be reflections of user/employee intelligence or capability.
That said, of course, a degree of common sense is always required, and we’d recommend all employees undergo some basic cybersecurity awareness training, so they know the basics to look out for in terms of phishing emails, for instance.
Implement a Company-Wide ‘Zero-Trust’ Policy
Increasingly, companies are moving away from blindly trusting big corporations, no matter how reputable and well-trusted they are. Again, that’s no reflection necessarily on the firms in question. It’s more just that in today’s world, where hackers are as sophisticated and advanced as they are, nobody’s infallible.
It might seem a somewhat cynical model, the idea of trusting literally nobody and verifying everything, but it’s effective. The model stems from the realisation that assuming everything within an organisation is automatically trustworthy is outdated and misguided. The intricacies of the zero-trust model are for another post, but ultimately, it centres on verifying absolutely everything. If you use something in your day-to-day? You keep it secured.
Multi-Factor Authentication (MFA)
A core tenet of this security model is MFA. Multi-factor authentication is one of the easiest security protocols to implement within a company. Yet still, somehow, it remains woefully under-utilised. Companies can leverage MFA technology to drastically reduce the risks brought about by the remote tranche of their workforce. If you’re going to implement anything, then let it be (even a basic) MFA strategy. 2FA (two-factor authentication) usually involves a verification code being sent to a user after a login attempt.
Contextual authentication is a step beyond 2FA, and is recommended if at all possible. This makes use of variables such as IP address, geographic location and time of day to serve as an additional snippet of information. If this added contextualisation flags suspicious activity of any kind (an unknown IP address, for instance) then more stringent MFA instructions can be issued before login access is granted.
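The step-up decision described above, sketched as an added example (it is not Nutbourne's code or any product's implementation). The known networks, expected country, working hours, the third "deny" tier and all function and field names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed policy values (assumptions for this example, not from any product).
KNOWN_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/25")]
EXPECTED_COUNTRIES = {"GB"}
WORK_HOURS = range(7, 20)  # 07:00-19:59 in the user's usual time zone


@dataclass
class LoginContext:
    user: str
    source_ip: str
    country: str          # ISO 3166-1 alpha-2, assumed resolved upstream by a GeoIP lookup
    local_time: datetime  # login time in the user's usual time zone


def context_flags(ctx: LoginContext) -> list[str]:
    """Return the contextual signals that look unusual for this login."""
    flags = []
    try:
        addr = ip_address(ctx.source_ip)
        if not any(addr in net for net in KNOWN_NETWORKS):
            flags.append("unknown_ip")
    except ValueError:
        flags.append("unparseable_ip")  # malformed input is treated as suspicious
    if ctx.country not in EXPECTED_COUNTRIES:
        flags.append("unexpected_country")
    if ctx.local_time.hour not in WORK_HOURS:
        flags.append("outside_usual_hours")
    return flags


def required_auth(ctx: LoginContext) -> str:
    """Map the flags to a requirement; a second factor is always required."""
    flags = context_flags(ctx)
    if not flags:
        return "standard_2fa"
    if len(flags) == 1 and flags != ["unparseable_ip"]:
        return "step_up_mfa"   # one anomaly: ask for a stronger factor first
    return "deny_and_alert"    # several anomalies or malformed input (assumed tier)
```

A home worker on an unrecognised IP address during normal hours lands in the `step_up_mfa` tier, which is the case the paragraph above describes.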
Regularly Back Up
And by this, we mean regularly. Backups remain one of the only failsafe contingencies against malware such as ransomware. If your company’s information, files and data become encrypted as a result of a ransomware attack, you want to be able to restore at least a semi-recent backup, so as not to lose too much. Without regular backups, you’re at the beck and call of hacking individuals. With backups, however, the playing field is evened out somewhat.
Re-evaluate the Company Risk Perimeter
If a company is trying to establish a truly zero-trust setup, then it needs to factor in the networks of home-workers as extensions of the firm’s network overall. Another way of looking at it is that as soon as you open up your working methods to include home working, it becomes easier for cybercriminals to slip through the net, or bypass security teams unchecked. There’s more to monitor; more endpoints, more devices and different internet networks to name just some of the challenges posed by remote working employees.
That’s not to say it’s not manageable for companies, of course; it’s just that you need to start treating your employees’ homes almost as extensions of the workplace. That’s to say, smart devices, TVs, gym equipment with internet connectivity – anything that could fall under the bracket of the internet of things (IoT) – should be secured and undergo verification in the same way that those same smart devices would in the workplace.
Securing a hybrid workplace, that’s to say, truly securing it, is no easy feat. We’d argue, though, it’s an incredibly worthwhile pursuit, given how effective a working model it’s proving to be.
So, if you’d like to find out more about our cybersecurity solutions in London, and how they can help with the hybrid workplace, then get in touch! Contact Nutbourne today on +44 (0) 137 7273 or by filling out one of our online enquiry forms. Alternatively, you can message us via our Live Chat option; one of our team members will get back to you as quickly as possible. However you wish to get in touch, we look forward to hearing from you!