Work from Anywhere – Hybrid Workplace – Cyber Security Considerations

As organizations shift the way they operate in the wake of the pandemic, a hybrid work model is on the rise. Hybrid work presents some new cybersecurity challenges to employers and employees, such as employees taking work laptops home and connecting home devices to corporate VPNs. Facing these challenges, many businesses need the tools to both support employees working remotely and maintain their cybersecurity.

CYBERSECURITY CONCERNS FOR A HYBRID WORKFORCE

While working remotely, employees could accidentally put your organization’s security and data at risk. Remote work can lead to various cybersecurity vulnerabilities, such as identity fraud and data breaches.

  1. Weak Passwords: Businesses that use cybersecurity software like firewalls and VPNs to protect the remote network may still be at risk if employees use weak or repeat passwords for their accounts.
  2. Insecure Home Internet for Online Work: Home Wi-Fi networks can pose a risk to your company’s cybersecurity as employees may overlook updates to their home router software, where routers lack the most recent security patches.
  3. Phishing Schemes: With phishing schemes, hackers can act as legitimate sources and trick the victim into providing sensitive information or personal login credentials for identity fraud, hack accounts and steal additional sensitive information.
  4. Personal Devices Used for Work Tasks: Personal devices can pose cybersecurity risks to your organization as they don’t encrypt their personal devices, putting data at risk. Even printers with multiple features that can have security gaps.
  5. Centralised visibility and security governance: In a hybrid security control environment, managing security controls across all the employees has become a challenge. This also brings in challenges for security governance.

BEST PRACTICES

While working remotely or in a hybrid environment, we must consider security at first and take certain controls into consideration.

  1. Password policy: Password policy must be deployed across and have password history, wrong attempt account lock, length and mixture of alphanumeric and numbers.
  2. Identity and access management: Organization must implement identity and access management process and control for workforce, third parties and privileged users.
  3. Multi Factor Authentication: Multi factor to cloud and critical applications must be implemented which includes apps like Google Auth. or OTP on a registered mobile number.
  4. Encryption and key management: Appropriate encryption must be implemented both for data in rest and transit, key management should also be implemented to ensure quantum safe encryption.
  5. Implementation of appropriate technical controls: Appropriate layers of technical controls such as firewall, WAF, VA PT, Anti malware etc.. should be implemented and properly monitored.
  6. Efficient operations and effective governance: Efficient operations and effective governance for the security controls must be in place with periodic reviews.
  7. Backup: Backup of critical data and application should be taken on defined frequency and tested also.
  8. User awareness: User awareness is one of the most important pillars for cyber security, effective measures and ways should be taken for user awareness programs in organizations.
Manoj Kumar Shrivastava
Chief Information Security Officer
Future Generali India Insurance Company Limited

Disclaimer: The views expressed in this feature article are of the author. This is not meant to be an advisory to purchase or invest in products, services or solutions of a particular type or, those promoted and sold by a particular company, their legal subsidiary in India or their channel partners. No warranty or any other liability is either expressed or implied.
Reproduction or Copying in part or whole is not permitted unless approved by author.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Sign Up for CXO Digital Pulse Newsletters

Sign Up for CXO Digital Pulse Newsletters to Download the Research Report

Sign Up for CXO Digital Pulse Newsletters to Download the Coffee Table Book

Sign Up for CXO Digital Pulse Newsletters to Download the Vision 2023 Research Report

Download 8 Key Insights for Manufacturing for 2023 Report

Sign Up for CISO Handbook 2023

Download India’s Cybersecurity Outlook 2023 Report