How to ensure the cyber security of your hybrid office

Gwilym Lewis is a co-founder of Loxada, a technology company that enables remote workers to connect from home securely, safely and in a way that demonstrates compliance and regulatory requirements. He is also a co-founder of Appsecco, a leading cloud and application security company with offices in London, Bangalore and Boston. Appsecco works with clients around the globe to bring security assurance to the products they create and the services they deliver.

‍

‍

The rise of hybrid working has been one of the most significant workplace shifts in recent years. It's brought flexibility, improved work-life balance, and often increased productivity. However, as with any significant change, it hasn't been without its challenges. Among those challenges is a critical one: cyber security.

The move away from the traditional office environment means we need to rethink how we approach keeping our data and systems safe. Hybrid work, where employees split their time between the office and remote locations, introduces a unique set of security complexities.

The challenges of hybrid work

‍

Tech troubles: managing the use of personal devices

It's no secret that the lines between work and personal life have blurred with the rise of remote work. Many employees use their personal devices for work tasks, often out of convenience or necessity.

While understandable, this practice opens the door to several security risks. Personal devices might not have the same level of security as company-issued ones. They may be more vulnerable to malware and other threats, especially if shared with family or friends.

Furthermore, employees' home networks are often a bit of an IT "black hole." We usually have little visibility into the types of devices connected, the security of the broadband provider, or the overall network configuration. This lack of visibility makes it difficult to identify and mitigate potential vulnerabilities.

Location, location, location: securing various networks

The hybrid worker rarely stays in one place.

They might be working from home one day, a coffee shop the next, or even a co-working space abroad. Each of these locations brings its own set of security challenges.

Public Wi-Fi networks, for example, are notoriously insecure. They can be easily spoofed (creating a fake network that looks legitimate) and intercepted, potentially exposing sensitive data and stealing credentials. With the continued growth of city-wide public Wi-Fi access, it's virtually impossible for users to tell if the network they automatically connect to by default as they move around is what they think it is.

Similarly, co-working spaces and serviced offices might not have robust security measures in place, and again, there's often no way to tell. Here, the potential danger is exacerbated by users not knowing who else is on the same network and what their intentions are despite them being 'safe' in the office.

Understanding human behavior: the human factor in cyber security

Technology is only part of the equation. Human behavior plays a significant role in cyber security.¹

This can inadvertently expose their devices and, by extension, the company's data to cyber threats.

Unfortunately, many employees are not fully aware of the risks associated with remote work, not least as research shows that over 50% of IT leaders admit to engaging in risky behavior when out of the office, and if they do this, what hope is there for the rest of us?

A lack of organizational oversight can exacerbate this problem. When employees work remotely, they can feel less accountable for their security practices and have less opportunity to highlight potential issues; it's much easier to ask a colleague sitting next to you if something looks odd than to reach out remotely, increasing the risk of breaches.

Building a culture of security: together we're stronger

So, what can we do? The key is to foster a culture of security within our organizations. This means creating an environment where employees feel empowered to take ownership of their cyber security no matter where they are working.

Open communication is crucial, particularly when people are physically away from the office. We need to champion the concept that everyone has a part to play, especially when hybrid working, and create mechanisms to enable employees to easily report any security concerns they have and for these to be taken seriously, even if they turn out to be misplaced.

We also need to acknowledge that security awareness is contextual and ensure that measures are put in place to actively address this, especially for hybrid workers who frequently switch contexts between office and other environments.

Platforms like deskbird can play an active role in this process by helping provide a smooth transition between being in or out of the office rather than people being in one state or the other. This can, in turn, reduce the risk of employees falling through the cracks and engaging in risky behaviors.

‍

Conclusion: a secure hybrid future

Remote and hybrid work are here to stay.

And while they bring many benefits, they also present unique cybersecurity challenges. However, we can create a more secure hybrid future by understanding these challenges and taking proactive steps to address them.

This means investing in technology, providing comprehensive employee training, and fostering a security culture. It also means leveraging tools like deskbird to manage hybrid work arrangements effectively. By working together, we can balance flexibility and security, ensuring that our organizations thrive in the digital age.

‍

Tl;dr: Hybrid work is great but brings new cyber security challenges. We can tackle them together by understanding the contextual risks, using the right tools (like deskbird!), and creating a mindset where people pay attention to security no matter where they work.

‍

‍

Sources:

1. "The Weakest Link: Employee Cyber-Defense Behaviors While Working from Home," Journal of Computer Information Systems