Building a hybrid work environment without adding risk
Despite the fact that remote work is nothing new, the pandemic showed that many businesses were insufficiently prepared to mitigate the risks that come with it.
When offices were emptied out and everyone asked to work from home when the pandemic first hit, few businesses thought it more than a temporary disruption. But now, nearly two years later and with the end of the pandemic in sight, it seems the world is not quite ready to go back to the office full-time. In fact, 76% of knowledge workers surveyed in a recent study by the Future Forum claimed that they wanted continued flexibility with regards to where they work, while 93% wanted to choose their working hours.
Unfortunately, there remains a significant misalignment between the desires of employers and those of employees. Many employers would prefer that their workforces return full time to the office. There are several reasons for this beyond the obvious (and misplaced) fear that people are less productive when working from home. Of the legitimate fears, validated by the surge of cyberattacks during the pandemic, are concerns around information security.
Working remotely might be convenient, and studies have consistently shown that the hybrid workplace leads to higher morale and productivity, as well as the reduced financial burden of maintaining large office spaces.
Despite these advantages however, remote workers are also far more susceptible to cyberattacks, given that they often have little corporate oversight and are more likely to be using inadequately secure devices and networks.
While the notion of the security perimeter has been breaking down ever since the rise of cloud computing, the sudden and unprecedented adoption of remote work accelerated its demise an order of magnitude faster. As such, traditional security measures, such as office networks protected by internal firewalls and physical access controls, are no longer valid. If employees can access work apps and data from anywhere, then so, potentially, can intruders.
Remote work security starts with zero trust
The information security challenges of remote work were made very clear in the early days of the pandemic. For example, questions were raised in March 2020 when the UK government started using Zoom to hold cabinet video conferences. Security experts were quick to warn of a lack of security measures, such as meeting IDs being visible on-screen, analytics data being sent to Facebook, and a lack of end-to-end encryption. Such a lack of security can potentially result in intruders eavesdropping on sensitive communications – hardly an ideal scenario in sectors like government, law, or finance. Although Zoom, like Teams and other platforms have improved security, there is room for improvement, especially for sectors that routinely handle highly sensitive data.
Mitigating risk in remote and hybrid work environments requires finding the optimal balance between freedom and security, which is easier said than done.
This is why good cyber hygiene starts with the zero trust approach, whereby no attempt to access workplace apps or data is inherently trusted just because it purports to be from a legitimate device or user. Instead, every access attempt must be verified, typically via multi factor authentication (MFA), while all data is encrypted in transit. These measures, which are core components of our Microsoft Teams solution, mitigate third-party risks, such as social engineering scams and eavesdropping.
Chances are there are countless people and devices connected to your business network at this very moment. Simply trusting all of them based on the fact they are already connected is a big mistake, since it allows for the lateral movement of threat actors through your broader computing environment. This is why zero trust security must be applied, along with role-based access controls and the principle of least privilege, on an application level. After all, physically defined perimeters are no longer relevant when you have employees connecting from devices in the office, at home, or even from an unsecured wireless hotspot at the nearest park or café.
Worldr helps security leaders mitigate the risks posed by third-party threats by bringing zero trust security to Microsoft Teams. Book your demo today to see how it works.