On 19 July, the UK will finally lift the final social distancing measures that were put in place during the pandemic. Although concerns about the pandemic still exist, many people will now be contemplating a tentative return to the office. Although the benefits of homeworking are well-documented and recent events have proven that people can work just as effectively from home as they can from the office, many people will likely want at least a partial return to the workplace.
Face-to-face interaction is important for many of us, and people have undoubtedly missed that over the past year. A recent BBC survey with the UK’s biggest employers revealed that 86% of them were planning a mixture of home and office working, with staff encouraged to work from home two to three days a week.
It seems inevitable that the Future of Work is going to be a hybrid model. People will split their time between the office and their home according to needs and personal preferences. From an operational perspective, this will make for a happier and more productive workforce, but it does throw up some additional cybersecurity challenges.
How can organizations protect themselves against cyber-attacks when they have a hybrid working model?
The nature of hybrid working
Most people working from home will have access to corporate systems. But being geographically disparate means that there will be more file sharing between remote workers and on-site employees as people look to continue workplace collaboration. There will be more emails sent to and from employees and more endpoints to be secured.
There are many things to consider for cybersecurity teams when protecting a hybrid working environment, but these are our top five:
1. Increased filesharing – with employees filesharing more, there is an even greater need to protect those files as they enter and exit the network. The most effective way of doing so is via a Managed File Transfer (MFT) solution such as Fortra's GoAnywhere MFT.
This uses encryption and authentication to allow the safe transfer of files inside and outside the organization. Because Fortra only provides best-in-class cybersecurity solutions, we can offer easily integrated and complementary data security tools. Clearswift’s Secure ICAP Gateway makes filesharing even more secure, adding content inspection – including anti-virus, file type and file content - and automatic sanitization (both active code removal and document meta data removal) to the data being transferred in files. It does so without interrupting the filesharing flow. In a hybrid working environment, such protection will be essential.
2. Endpoint protection – any employee working from home will be operating with more endpoints than someone working from the office. Workers are connected to corporate systems via their home internet provider, as are their mobile phones. Any enterprise must be certain that its security and compliance policies extend to those endpoints at each of its homeworkers’ locations.
This is where Clearswift's Endpoint Data Loss Prevention solution plays such an important role. It tracks and locates any critical data requiring security measures to meet industry regulatory compliance, such as GDPR. Furthermore, it offers complete security against unauthorized information copy or transfer, controlling any smart devices that get connected to the corporate network. This prevents malicious attacks and helps avert data loss.
3. Secure email communication – despite the rise of collaborative working platforms, email remains the principal method of communication for enterprise employees all over the world. When some people are working from home, it is not unreasonable to assume that a) they will send more email than when everyone is in the office, and b) people might be more vulnerable to cyber-attack via email.
That is why secure email communication is vital in securing a hybrid work environment. Clearswift’s email security solutions uses Advanced Threat Protection (ATP) and Data Loss Prevention (DLP) to prevent phishing attacks, block ransomware, encrypt data in transit, and generally provide a deep and multi-layered protection in accordance with National Cyber Security Centre (NCSC) guidelines. Crucially, it does all this without impacting email flow, meaning operations can continue as normal.
4. Awareness of social engineering techniques – with employees working more from home, there is a clear need for employers to place more trust in workers’ ability to identify social engineering techniques and detect phishing attempts. There are so many different types of social engineering techniques it can be challenging for employees to stay on top of this.
Training is essential here and should be a priority for any enterprise. But deploying advanced email and web security solutions also plays a key role. Clearswift’s next-generation email security solutions remove any malicious code and disable URLs in emails and attachments before they even arrive. This greatly reduces the volume of threats entering the enterprise, a priceless quality with many employees working from home and added protection against social engineering techniques.
5. Ensuring Data Loss Prevention – data has become perhaps the most valuable asset an organization holds. Keeping that data secure not only helps adhere to regulatory compliance but it prevents embarrassing data breaches that can do untold reputational damage. Organizations have grown more willing to invest in DLP solutions to protect their data. Still, many such solutions, with their 'stop and block' approach, are not suited to hybrid working environments.
Clearswift’s Adaptive Data Loss Prevention minimizes the risk of accidental data loss, data exfiltration, and cyber-attacks and reduces any impact on day-to-day communication. It relies on automatic inspection of structured and unstructured data within email messages, files transferred to and from the web or cloud, and at all endpoints. The right security policy is always applied, and it even understands context so policies can be set for different individuals and teams.
Hybrid working will be here for a long time, and cybersecurity teams must get to grips with the changing demands placed on them by a remote workforce. Some of those demands include the secure exchange of information.