With a quarter of workers regularly dividing their time between home and the office, hybrid work is firmly here to stay. And while this blended model is having positive repercussions for staff wellbeing, it has significant security consequences, placing SMEs at a new frontier of risk.
The displacement of devices, data and people has provided an opportunity that hackers will waste no time in exploiting. And yet, despite the heightened need for adequate protection, a new survey from Probrand has found that many organisations are still not taking the necessary precautions.
Here, Mark Lomas, security analyst at Probrand, reveals some of the risks that organisations should be aware of in today’s hybrid world and the steps they can take to protect their key assets.
Remote devices
When we asked UK SMEs about the security challenges that had surfaced from hybrid working, one of the biggest uncertainties was whether personal devices being used for work are equipped with the latest security measures. In fact, 63% of IT and business leaders we spoke to couldn’t say whether they have adequate security or protection measures in place – even though the majority allow employees to access corporate data on their own endpoint devices.
It’s crucial that businesses adopt the same protective measures for all employees – whether they’re working from home only one day a week or are full-time in the office. One of the best ways this can be achieved is through the deployment of cloud-based security solutions, such as mobile device management (MDM), for example. This will enforce security on employees’ devices and ensure that all devices accessing corporate data have the latest endpoint security, firewall and software patches in place. This will also help in managing the IT estate by verifying that security updates have happened and that everything is working as it should be.
Protecting your data – wherever it goes
Even once an end user device has been secured, it can still be very easy for sensitive information to fall into the wrong hands. All it takes is for a user to enter the wrong email address or accidentally attach the wrong file and the damage is done.
This question of data protection was a big worry for most of the businesses we spoke to as part of our study, with 83% saying they weren’t confident that they could control and manage how users access corporate data securely via their personal endpoint devices.
To improve confidence, it’s vital that organisations look to implement measures that protect the data itself. Access control permissions are a simple but effective solution to ensure that, wherever it goes, your data is surrounded by a protective bubble and can only be accessed by those authorised people.
People: the weakest and strongest link
Implementing the right tools and technologies is vital to ensuring your organisation is adequately protected. Equally important is training staff to recognise what an attack might look like and how they should respond. We’re all prone to human error and it’s only too easy for a little slip-up to turn into something more sinister.
Less than half of the organisations we spoke to said that their remote teams were confident they could handle an attack. Regular training can help to turn this around – and empower staff to stay on top of new threats. Maintaining a ‘does this look right?’ mentality is essential. One of the most effective ways I’ve found to achieve this is by running a simulated attack. This involves sending spoof emails or ‘dodgy’ links to see how employees react. This isn’t about catching people out, but highlighting any weak spots and areas where the company may benefit from more targeted training. This is also an opportunity for staff to ask questions and feeds into a much bigger culture piece where organisations are saying ‘come, learn, ask things.’
By following these steps, organisations can assess their strengths, pinpoint any weak spots and take a more proactive, confident approach to their security.
Author: Mark Lomas at technology company Probrand