What’s the Current State of Hybrid/Remote Work and Cybersecurity?

When companies scrambled to move operations online at the start of the pandemic, many had to come up with temporary, patchwork solutions to facilitate remote work—opening a number of security gaps, only some of which have been adequately addressed in the nearly three years since.

What’s more, remote work is no longer the only hurdle that IT teams are facing. Hybrid work, in which employees split time between the office and a remote location of their choosing, looks as if it's here to stay. It’s not just a matter of “home” versus “office” anymore, either—employees are increasingly working from multiple, third-party stations like coworking spaces or coffee shops. All this presents a tangled web for IT professionals, and there are persistent gaps in many organisations’ cybersecurity strategies.

While employees are largely in favour of the trend toward more flexible working environments, the wins in work-life balance come at a cost. According to the 2022 Mobile Security Index, major cybersecurity events skyrocketed 22% just one year after pandemic-prompted remote work policies went into effect. A whopping 79% of respondents noted that the shift to remote or hybrid work had negatively affected their company’s cybersecurity. And significantly, more than half (52%) of respondents said that when choosing between security on their mobile devices or an urgent deadline, they would shirk protocol to meet the demands of their job.

Below, we dig into some of the ways in which remote and hybrid work present increased cybersecurity vulnerabilities—and how products like Bitdefender Total Security can be a barrier between your business and bad actors.

Remote Work Leads to a Larger “Attack Surface”

The biggest issue of a distributed or remote workforce from a cybersecurity perspective is the fact that having more people signed into company systems from more places (and more devices) means there’s a larger “attack surface” for hackers or bad actors to target. There’s also a larger risk of “insider threats,” which means leaks or vulnerabilities that stem from in-house employees acting negligently or carelessly.

While some companies have addressed the issues that plagued them in the early days of the pandemic (think: random strangers Zoombombing an important company meeting), others still have a long way to go to ensure that their organisation is up to speed. Mobile devices in particular still present a major hurdle for IT teams: A recent report found that 52% of IT respondents consider mobile devices to be a significant challenge to their organisation’s overarching cybersecurity efforts.

For small business owners, it’s particularly important to ensure that you’re using a Virtual Private Network (VPN) on mobile devices if you or your employees will be working from public spaces. Investing in a product like Bitdefender GravityZone for Mobile Devices can also be a great step toward ensuring you’re protected.

Consider Investing in Company Devices for All Employees

If you work at a startup or small business, investing in company smartphones, tablets, or computers for each employee may seem a steep price to pay. But consider that the average cost of a data breach can cost hundreds of thousands of pounds or even more, and those numbers may start to become more attractive. Having dedicated company devices gives you and your IT team more agency over important things like software updates and access controls.

If you have no choice but to let employees use home/personal devices and WiFi networks from time to time, ensure they’re well-trained on using a VPN and other best practices for protecting their data, such as knowledge of the most current phishing schemes—which were up more than 600% in the first six months of the pandemic and continue to be a major problem, according to the National Cyber Security Centre. Ensure that you have multi-factor authentication (MFA) policies for any apps or sites that contain sensitive company data.

Educate Employees about the Risks

Beyond informing employees about VPNs and MFA, it’s important to adopt a mentality of proactivity when it comes to cybersecurity—in today’s distributed work environment, it’s not as simple as a “set it and forget it” affair. (Of course, having dedicated cybersecurity software installed can be a huge help in this regard.)

It may be prudent to host quarterly sessions with your team members to educate them about the latest cybersecurity risks for your particular industry—or perhaps to send out a newsletter that details the latest common scams, if a meeting is too 2019 for your company’s tastes.

Implement “Least Privilege Access”

Another proactive move you can make to ensure a small-as-possible attack surface among remote workers is to adhere to the “principle of least privilege” (POLP), a concept that suggests users’ access rights to certain platforms, documents, or materials be limited to those they need to do their jobs—and nothing more. Endpoint management software can also be helpful for ensuring that every device that has access to your company data is up to date with the latest patches and software updates.

Build Strong Cybersecurity into Company Culture

Finally, there’s an element of company culture that goes into sound cybersecurity strategy—including putting security first (yes, even above that pressing deadline). Ensuring that your employees have adequate time to tackle their workload can help prevent a “panic moment” in which they opt to forego security protocol in the interest of getting a document over to management ASAP from the airport lounge.

It’s also a good idea to have written policies in place surrounding things like ransomware attempts, malware, and the types of devices your employees are allowed to use for certain tasks. Keep these front-and-center in your employee handbook, and easily accessible online in any company portals.

One of the most time-tested ways to ensure your remote workforce is as safe as possible is to have professional-grade cybersecurity software installed on any and all work-related devices. Check out Bitdefender’s website to browse their full suite of software suites for both businesses and individuals. Get real-time updates about malware outbreaks and scams on the Bitdefender Blog.

Comments are closed.