Hacked from your office at home: new IT security in a hybrid world of work

In our current hybrid working world, IT security teams are being confronted with unprecedented challenges and variables in the form of cyber and hacker attacks. It’s time to tackle these head-on and protect remote working offices!

The hybrid working world demands new IT security measures.
Image: © James Thew

How remote working is impacting IT security

The outbreak of the pandemic in early 2020 turned the world of work on its head in the blink of an eye, taking everybody by surprise. Large corporate headquarters, medium-sized companies, and small businesses found themselves deserted from one day to the next. Employees all over the world started working from home, taking the issue of data security along with them.

Countless employees are still sitting at their laptops at home without any form of cybersecurity protection, so new IT security concepts are needed to ensure that WFH productivity doesn’t pose a risk to entire companies.

Cyber attacks – greater protection with fewer resources?

The fact that the potential risk has increased should also be reflected in the budget allocated to cybersecurity. But that is far from the case:

“The growing risk of cyber attacks in times of remote working also has an impact on what is demanded of cybersecurity experts on a daily basis because they are expected to achieve more with fewer resources. Kaspersky found that the average IT security budget set aside by companies in 2020 was 14 million US dollars – that is a decrease of more than a quarter (26 percent) compared to 2019. The average IT budget also fell by 27 percent to 54.3 million US dollars.”

Evgeniya Naumova, Executive VP Corporate Business and Deputy CBDO Commercial at Kaspersky

Kaspersky is an international big player when it comes to cybersecurity solutions. Evgeniya Naumova is the company’s Executive VP Corporate Business and Deputy CBDO Commercial.

From Fort Knox to the sky: cloud computing requires expertise

Servers kept under lock and key at all times with access only granted to authorized employees via a PIN that is changed daily, and databases and company secrets protected both physically as well as virtually via VPN systems – not all that long ago, employees would arrive at their workstation each day, use the same PC, and change the password for it every couple of years.

Then the pandemic hit and employees suddenly found themselves sitting at their home laptop, usually with just their encrypted home Wi-Fi network as protection. Forced to act as their own IT experts, they shared data on Google Drive and deliberated over which software would be the safest for video conferences.

All the while, the real IT security team nervously looked on at the door being left wide open to cyber attacks. Stakeholders and security firms have since been scratching their heads in search of new standards and systems to protect hybrid workspaces from cyber and hacker attacks. However, the onus isn’t just on them – employees also need to be trained in using cloud and file-sharing services responsibly.

    IT security management staff must regard the new challenges as an opportunity to strengthen cybersecurity.

    Evgeniya Naumova has identified important aspects to be considered with regard to cybersecurity in times of remote working:

    • It’s no longer enough to simply protect company premises – working-from-home environments also need to be assessed and certified.
    • Switching to a service model ensures the required high level of IT security while keeping investments down.
    • When training internal IT security specialists, management skills should also be taught.
    • Dependence on cloud services will increase, thus making specific management and protective measures necessary.

      Cybersecurity in the context of remote working

      It goes without saying that security systems will always be vulnerable to some extent. However, hackers often have it incredibly easy when employees working from home are negligent when it comes to the agreed-on security procedures.

      There are various causes and reasons why employees all too frequently become a potential risk source from an IT security perspective.

      • Many see security prompts as a waste of energy and time, but trying to bypass them by means of creative shortcuts undoes the efforts of the IT security management team.
      • Many employees currently have to get to grips with their company’s digitalization process and feel overwhelmed by being additionally responsible for data security at their home workstation.
      • The flip side is just as risky: when colleagues have a false sense of cybersecurity, they often undermine the entire IT security system with their own personal configurations.
      • Password security is a really classic example. “1234” or “Password1” are still all too common (even for multiple gates, as if one wasn’t bad enough), even though password manager tools are readily available.

      This is where managers are called upon as digital leaders to motivate their employees and reach out to them directly, even in a remote working scenario.

      “When it comes to remote working, companies have to find a balance between user-friendliness, business needs, and cybersecurity.”

      Evgeniya Naumova, Kaspersky

      One necessary step is for IT teams to limit access to certain datasets and applications by only giving employees the permissions that are absolutely essential for performing a given task. A VPN should also be implemented for working from home, and employees should only be allowed to use secure and approved company systems. In this case, security should override convenience and comfort.

      “Such software can be somewhat limited in terms of user-friendliness, but they offer more security to make up for that.”

      Evgeniya Naumova, Kaspersky

      New work: the new level of IT security

      Ultimately, it’s about asking ourselves which new priorities need to be set and what technologies have to be made available in order to achieve them.

      Evgeniya Naumova from Kaspersky has some key recommendations:

      1. Employees should know who they can turn to if an IT or security problem arises.
      2. Employees who use their own devices for work purposes should be given specific cybersecurity guidelines and recommendations.
      3. It is extremely advisable to train all employees in the basics of IT security. Kaspersky and Area9 Lyceum, for example, offer a free course that teaches employees how to work safely from home.
      4. Data protection measures need to be adapted and scaled up in order to protect company data and devices (password protection, encryption of work devices, creation of data backups, etc.).
      5. Devices, software, applications, and services should always be kept up to date with the latest patches.
      6. It is essential to install reliable protection software on all end devices, including mobile devices.

      The right protection software will also ensure that only approved online services are used for work purposes, thereby minimizing the risks of shadow IT.

      Freedom – productivity – security

      Even before the pandemic, people were increasingly calling for more freedom in terms of where and when they work. The past year or so has unexpectedly turned the tables on something that was previously met with resistance.

      Remote working is now the norm for the majority of employees and very few want to return to a world where they are required to be physically present in the office. However, that also means that there needs to be a greater awareness of the increased risks to cybersecurity. Innovative IT security concepts must be implemented going forward so that all colleagues can work comfortably and the IT professionals don’t toss and turn at night.

      If you don’t want to miss any other exciting topics, then subscribe to our content newsletter now and stay up to date.