Prior to 2020, less than 5% of the UK workforce worked from home. Now, with the pandemic behind us, hybrid working is here to stay, with the latest figures suggesting that over 25% of the workforce are choosing to travel to work some of the time, and work from home or elsewhere the rest of the time.
The majority of business leaders appear to think that hybrid working is helpful, with many workers enjoying reduced travel time, increased productivity and a better work-life balance. This mixture of modes of working does, however, come with its own challenges when it comes to remaining secure and ensuring compliance.
The rapid advance of connectivity has certainly made working outside the office much more straightforward, with people able to keep in touch, access data and share information easily. With this ease comes a risk that your workforce may be lulled into a false sense of security. Working from home, or from anywhere outside the workplace, does increase the risks of data breaches and a breakdown in security protocols.
A shared responsibility
It is important that every employer takes steps to make sure that codes of practice are in place to optimise their IT security, and ensure compliance with all regulatory requirements, wherever work is taking place.
Equally, every employee needs to be made aware of their responsibilities when it comes to maintaining security, whether they are working in a home office or in their local café. They need to understand the importance of continuing to comply with auditing, data privacy rules and maintaining good records and reporting.
In the interests of security, as well as keeping personal files and work files completely separate, employees should also be instructed to use company-approved devices for any work-related tasks. In this way, you can be sure that anti-virus and anti-malware products are well maintained, along with regular software updates, including patching to protect against any emerging vulnerabilities.
Maintaining protection, inside and outside the workplace
In any case where employees are using their own devices, such as their own mobile phone, make sure that they are not taking shortcuts with their personal security; multi-factor authentication should be used, for example, and all devices should be password protected. The importance of strong password protection cannot be overstated, and it applies even more to devices used when working from home than it does within the workplace.
Cloud-based data storage and the security offered by Microsoft 365 mean that your email is encrypted. Your IT supplier can ensure that secure firewalls protect your networks too. Once outside the office, you are more vulnerable; public Wi-Fi is just as it says, public, so using a personal hotspot is much more secure.
Hazards of remote working
Working remotely, rather than just working from home, brings other potential security challenges into play which employees need to be aware of. The risk of theft may be higher when employees are out of the office, so you should consider using hard disk encryption; in the event of a laptop being stolen, the data will still be protected. When working on a train, in a cafe or in a hotel lounge, it is easy to forget the dangers of ‘shoulder surfing’, for example, where someone can read sensitive information while they are sitting close by or even just strolling past. No one should ever leave their devices unattended, and everyone should make sure they lock their screen when it is not being used too.
Working from home can of course present hazards even if there is no criminal intent. Devices are still vulnerable to the potential threat presented by children or affectionate pets, who can easily and unintentionally damage hardware or delete files if devices are within easy reach. Your workforce should be encouraged to be mindful of these domestic dangers too.
What is a Zero Trust Security Model?
Where practicable, we strongly encourage companies to adopt a Zero Trust Security Model. In simple terms, this model sets out to prevent unauthorised access by requiring verification at every step, assuming no implicit trust in users and their devices, whether they are operating inside or outside your network.
Zero trust provides layers of security between your users, your systems, your data and your assets. Users are constantly authenticated and devices are monitored. Zero trust is designed to contain any attack: access is segmented, meaning that the perpetrator cannot move laterally once they have gained access to a network.
A zero trust security model can offer high levels of protection, but may require a sea change in company culture around the issue of cybersecurity. If you are not quite ready to make that step, for now, make sure you have policies, procedures and guidance in place so that they are enforced across the board, and everybody is fully trained to understand how to work safely, wherever they are located. As part of this, draw up an incident response plan too, so that if a security breach occurs, everyone knows what to do, without a potentially costly delay.
At Highstream Solutions, our managed security service is designed to keep a constant eye on our clients’ infrastructure, minimising security risks. We work to implement and keep systems secure in line with best practice.
Contact us to find out more about our services and how we can help you, in the workplace and beyond.