What if my WFH CEO gets hacked? Can we afford to upgrade our IT systems for a hybrid workforce? We look at some of the most common concerns – and what you can do about them
While some forward-looking business leaders have long touted the hybrid model when it comes to the future of work, few predicted it would be here this soon. Even those working in information technology – those perhaps most aware of the growing business interest in digital transformation – were taken aback by how quickly the global pandemic accelerated the transition towards remote working.
And when it comes to cybersecurity, it’s no exaggeration to say that everything changed, almost overnight. Employees suddenly needed regular access to sensitive applications and documents, wherever they were working from. Communications went wholly digital. Usage patterns and scenarios were upended – from where people worked to the hardware they used, how it was stored and even who could see it.
Today, while no one can yet see the final destination, it’s clear that remote and hybrid working are here to stay – not just due to Covid-19, but also thanks to staff demanding greater flexibility, as well as businesses considering reduced costs and increased efficiencies.
Of course, this future is not without its cyber risks, as many CIOs in charge of planning and implementing tech solutions for the new world of work are realising. Below we’ve outlined a few of the most common concerns – and a few solutions, too.
1. I no longer feel in control of my staff and what they do
The problem: While you’re not proposing ‘Big Brother’ measures that allow you to watch an employee’s every move, you feel concerned about the lack of oversight regarding data security, processes and compliance among your remote workers. Beyond the office, staff may be using their own devices, uploading personal data to cloud applications, or downloading confidential data to their own accounts.
The solution: You’re right to worry – within reason. These things all increase risk and the potential for data breaches. Your first response should be initiating a strict remote working policy regarding what employees can and can’t do using work devices. You must also address where they work (more on this later) and ensure that you’ve offered sufficient training on good IT practice.
2. I’m concerned about staff being tricked by phishing and exploits
The problem: Most security breaches tend to be down to human error, through people being tricked into doing something foolish. During the pandemic, scams and phishing attacks have increased substantially. Your staff are being bombarded with Covid-19-themed scam emails while malicious apps lurk on mobile app stores, providing a vector for bad actors. Fake inward communications can occur too, where scammers spoof employee details under the guise of being locked out.
The solution: Cybersecurity training on risks and threats is vital. Help your employees spot and understand how to combat them – impress on everyone the importance of not being apathetic. Beyond this, deploy strong authentication and access controls, and mandate multiple verification methods for tech support.
3. What if a hacker brings down my WFH CEO?
The problem: Given that WFH means your staff can no longer rely on the protections of your company’s physical infrastructure, they’re potentially vulnerable to hacks. Think about it: many are getting online via home networks, potentially using outdated hardware with questionable security, and even brimming with devices that have their own inadequate security protections. And it’s not just hackers you’re worried about – any smart guy with the right tech could compromise your team and your business.
The solution: A combination of hardware provision and education can help. Ensure remote workers aren’t using archaic WEP home WiFi encryption. Ideally, configure and supply appropriate kit that’s subject to your organisation’s security protocols, to give you more control and oversight. Have remote employees keep devices and other hardware updated with strong, unique passwords and ensure they adhere to WFH policy to minimise exposure to exploits.
Flexspace providers, such as IWG may be able to help, by offering a safe and secure cyber solution. IWG’s operating brands (which include Regus and Spaces) each have strict security in place which is tested rigorously and continuously.
“We use penetration testers, also known as professional hackers, a specialist team who go into centres and test the systems,” explains Ran Haer, IWG Information Security Manager. “They are continuously trying to break it. If a new service is installed or product released, we’ll bring in the team and they’ll try to break it. We are continually checking everything behind the scenes to provide a flawless customer experience.
4. Can we afford to upgrade our IT systems for a hybrid workforce?
The problem: At least when people were all in the office, there was one IT solution to fit everyone. Now, with some people working from home, some in the office and some working in other remote locations, the business needs to investigate whether its IT solutions are fit for purpose.
The solution: Don’t do nothing. While you explore longer term options, do what you can to minimise threats through education and good governance. Then ensure patches are current, consider VPN usage to blacklist problem IPs, and, where possible, invest in identity and access management (IAM) solutions like single sign-on (SSO) and password management.
Again, IWG and its operating brands could offer a solution. Regus and Spaces membership include access to their IT services – meaning secure networks and a team working behind the scenes to prevent hacking and protect your data.
“We work with lots of leading vendors in networking and security on a daily basis,” says Haer. “Our sole objective is to ensure that we are equipped with the right tools and equipment to ensure our customers work in secure environments. Plus, we’re always pushing our providers for new ideas on how to make our networks more secure.”
5. I’m worried about confidential documents and data being stolen
The problem: As working patterns change, there are multiple ways confidential data can be stolen. Beyond hacks and exploits, look at physical workspaces. Can other people access and see your employees’ work? Are microphones and cameras nearby? Is there a risk of access or physical device theft through usage in public places?
The solution: Have staff avoid sharing devices and impose rules on where work can be done. Should it be prudent to have staff work away from home but not at the office, have them avoid cafés and instead instigate a policy that utilises flexspace, which can provide a secure private network for your specific business.
Flexspace could help with your cybersecurity needs. For example, IWG operating brand Regus offers a High Security Private Network that comes at a single, all-inclusive price for office customers, regardless of office size or the number of users, connected devices, or workstations. Find out more here at regus.com