Going hybrid at work: How to secure the working from everywhere age

The sudden closure of offices and cities during the Coronavirus Pandemic has changed the paradigm of employees and employers on working outside the office premises. Before the pandemic, companies resort to adopt the “work from home” policy only for special cases such as call support or work travel. Today, as employees were forced to work remotely during lockdowns, organizations have realized the value of remote working.

Employers have experienced an increase in productivity, job satisfaction and a significant decrease in operating expenses. A Gartner survey found that 80% of company leaders in the United States plan to continue to allow employees working remotely at least part of the time after the pandemic. This translates to a huge conversion of many organizations from a traditional working setup to a hybrid setup of remote and physical working scenario.

It is no longer a trend for enterprises to think about how they can let their employers work from anywhere, but a reality for millions of people, if not billions. Moving from a “how do I let people work from home” to “how do I ensure remote working from anywhere is as secure as it can be for staff and the business” has become the top priority for organizations.

As we start to slowly turn the page on the pandemic in many regions, this new “work from home” age does not come without its risks. A recent report by HP - Blurred Lines & Blindspots – found that 70% of office workers surveyed admit that they use their work devices for personal tasks, while 69% use personal laptops or printers for work activities. Almost one-third (30%) of remote workers surveyed have let someone else use their work devices. Businesses as a result, have never been more at risk and hackers are taking notice.

Giving away the traditional way of working has not been an easy task. Organizations have had critical decisions to make. And though they have already executed a test-run during this pandemic, this was never designed to be used as primary means of operations.

However, there is a clear picture that most organizations would like to keep allowing their employees some sort of remote work setup. CIOs must now prepare their infrastructure to support this arrangement for a prolonged period, but not only as a Disaster Recovery (DR) scenario.

Technology alone won’t solve all hurdles

With pressure to gear up workforces to work from home in early 2020, millions of organizations were forced to quickly adapt by diverting resources to the remote access infrastructure.

Some were lucky to have remote working as one of their DR scenarios, but it was not designed to last for prolonged periods because of sacrificed performance and user experience. If today the decision of the Business and Operations is to keep allowing employees to work remotely, IT must now prepare systems, resources, and infrastructure with the mindset of people working remotely.

One thing we noticed during these months, is that many companies in Southeast Asia for instance, are adopting different technologies but they lack expertise and experience to strategically handle incidents. The first step in the journey here is to determine the organization’s remote work philosophy and approach, as well as to create a ranking of business priorities, such as costs, talent attraction and retention, compliance, employee experience, and measure the impact of having a remote workforce against those priorities.

A key IT consideration is digitalizing workflows. This was evident during the start of the pandemic where manual approvals had to be quickly fixed by using work around. Some resorted to hire third party couriers to migrate documents around to the homes of the different signatories. The key here is to migrate the documents electronically, allow electronic approvals and automated attachment of signatures and equip with the intelligence to identify the right approvers, such as based on the various individuals’ approval request of a Purchase, a Vacation Leave or a reimbursement.

Shifting security boundaries

Another critical IT consideration is Security. The emergence of the high demand for remote working has moved the perimeter boundaries of the IT infrastructure from within the offices with specific regular work hours to anywhere and anytime. This has stretched the security boundaries to the home offices or even coffee shops or internet cafes. Gone are the days when you can easily protect your data and resources by securing the IT infrastructure of your offices and data centres.

With such stretching of the security boundaries, IT needs to now consider securing the Home WiFi infrastructure, the end-point corporate device and the other devices present in the network i.e., IoTs and household laptops. One thing is for certain, defense-in-depth and zero trust architectures continue to be the overlying principal approach to Cybersecurity design and strategy; and the only challenge is extending this to the remote worker’s homes.

The key solutions that are crucial to the new design of extended security perimeters are:

1. First, an Endpoint Device Management (EDM) solution which controls Corporate Devices and BYODs patch level, installed software and security policies. This would maintain a minimum level of device configuration before allowing access to data and resources.

2. Second, Secure Access Service Edge (SASE: pronounced “sassy”) which enforces remote user’s access to only the applications authorized based on the users, devices, operating system etc.

3. Third, eMail security solution that would block attached malwares, prevent phishing and spam and apply Analytics and Machine learning to block unknown attacks distributed through eMail to avoid the mistake of opening a malicious link or attachment.

4. Lastly, WiFi security solution that controls access between endpoint devices through Analytics and Machine Learning to determine and block undesired traffic.

There have been several examples of cybersecurity issues during the last year and a half, including a cybersecurity breach that happened in May, 2021. This involved the hacking of a United States pipeline company which resulted in shutdown of their major pipeline brought by a ransomware attack. This resulted in the losses of millions of dollars in sales and revenue. In the end, the attack on the pipeline company’s control systems started from a remote worker’s machine infected by a malware.

Working from outside offices has created a higher demand and/or opened the doors for more data to be shared with larger swathes of the workforce. Going back to HP’s report, it was found that 71% of the more than 9,500 employees surveyed say they access more company data, more frequently, from home now than they did pre-pandemic – with the most common types of data being accessed being: customer and operational data (43% each) and financial and HR records (23% each). At the same time, office workers are increasingly using their work devices for personal tasks. This puts into perspective everything we have discussed so far.

With the rising number of breaches involving data privacy leakage and loss of information, along with the increasing cost of each breach, risk analysis must now be recalibrated to address the emerging weaknesses as a result to the sudden change in work arrangements caused by the Coronavirus Pandemic. CIOs should consider acquiring third party services to perform Risk and Vulnerability Assessments in order to gain an outsider insight on the gaps that may have been overlooked due to the sudden changes executed.

360o Cyber Security

Cybersecurity breaches come in many forms and sizes and there is no single solution that addresses them all. However, the current principle on security - Defense-In-Depth and Zero-Trust-Architecture is on top of every security practitioner’s mind. The new ways of working and the usage of public cloud have presented a new set of weaknesses as security perimeters set to protect the company premises have now been extended and will continue to be extended as companies decide to keep this work setup.

As most companies migrated to this setup abruptly as a response to the need to maintain operations during the period of pandemic, the technical solution was not designed for a prolonged period. To adapt to the unprojected changes, CIOs must now work with Business Operations to plan and start implementing a digital transformation that solves not only the technical issues but the overall business processes to enable a true and secure Work-From-Home experience.

Finding the right partners is a key step to protect hybrid workforces. A global reach allied to a fast and secure network performance anywhere, anytime is critical. This is where HGC’s extensive portfolio helps partners and businesses across the globe achieve their best performance.

We work with industry leading brands and help them understand their needs to secure their networks, as well as provide the backbone of that network whilst providing on-going management and upgrade services to meet the highest SLA levels at zero downtime. Some recent work we have done includes for example with Deloitte Cyber which has partnered up with HGC Group to provide adaptive security protection from cyber risks during this digital era. We have also announced the strategic expansion of our ICT capabilities in Asia with Singapore upgraded as major Asian hub and the introduction of our new Trio-service suite, composed of network connectivity, ICT solutions and local professional support. We signed MoU with CyberSecurity Malaysia, the national cybersecurity specialist and technical agency under the Ministry of Communications and Multimedia Malaysia (KKMM), to cement national telecoms cybersecurity and deliver greater ICT benefits to internet users.

Our one-stop-shop, 360 degrees Cybersecurity portfolio which is also built in a bespoke fashion to serve different industries, continues to constantly evolve and adapt around phishing assessments, bot detection, penetration testing, endpoint security, data loss prevention and more, address the changing landscape brought upon us all due Covid-19. Towards the new hybrid world, bravely go ahead with HGC. We’ve got your back!