How to secure the hybrid workforce

Following on from my blog ‘The Future is Hybrid’, this blog looks at securing the hybrid workforce. During 2020 many organisations raced to deliver remote working for their workforce, often at the expense of a level of security, that would have previously been unacceptable.  Now that the dust has settled and many organisations have managed their risk in terms of remote working and multiple end point devices, it’s time to look at some of the specific technologies that can enable secure hybrid working as part of an overall hybrid working strategy.

Decentralised security as a concept

When securing the hybrid workforce, an increasing number of organisations who have already adopted a cloud strategy are now moving toward a decentralised storage strategy that provides multiple user access, whilst offering potentially greater data security and business continuity.  In this instance, data is essentially stored on 80 different nodes, but only 30 are needed to reconstitute that data, making the attack surface much less susceptible to cyber-attack and other related outages. The huge increase in demand for remote working over the last year has accelerated the move towards a decentralised cloud storage strategy in general.  This kind of storage can offer benefits such as reduced cost, improved reliability, improved up-time and of course increased security.

Endpoint security

The realities of hybrid working and working from home, have presented organisations with a whole host of security issues.  Endpoint security is a solution which is deployed on the user’s device (endpoint), which will prevent file-based malware as well as detecting and blocking malicious activity from trusted and untrusted applications.  It can also identify and resolve security incidents and alerts. Responding to the most recent forms of ransomware attacks, the latest generation of endpoint security deals with fileless malware which exploits native processes to initiate the attack.

Citrix Share File is one example of a virtual data room product, which is equipped with a multi-level security system: the data is encrypted (the documents contain dynamic watermarks that prevent unauthorised dissemination) and access is only allowed via a two-step verification.

Access Security – Identify and Access Management (IAM)

Identity and Access Management (IAM) solutions administer user identities and control access to an organisation’s resources. It achieves this authentication through a single sign-on, making it user friendly; once the user is signed on, they can only access those areas that they have been given permission to do so via a user profile which is set centrally.  An IAM system can track user activity and can detect any suspicious activity, communication or issues that might otherwise be missed.  When on-boarding new employees, the profile can be quickly and easily set, so that the process is seamless.  Ultimately this kind of access management can assist an organisation to meet industry compliance requirements.

Secure file sharing

Within an organisations the volume of data shared daily is significant and making sure it is kept secure, but easy to access, can be an onerous task.  When considering hybrid working and the potential of multiple devices being used in multiple locations, this task is made even more difficult.  Also, given the collaborative nature of data centric activities, files may need to be made available to users outside of the organisation, adding further layers of risk.

Often, when data needs to be shared quickly, business users often turn to consumer file sharing platforms, which will not meet corporate security and compliance mandates.

To offer an enterprise grade alternative to consumer based and email attachment files sharing options, there are a number of solutions on the market that provide the required level of security and accessibility. Below are just a few examples:

Virtual Data Rooms: providing an organisation with the ability to setup file share and synchronised services for their users easily and securely, offering a real alternative to large file sharing such as FTP.  As the name suggests, a virtual data room is an online database where organisations can store and share confidential information.  Traditionally these have been used to store the most confidential of information.

SharePoint: Probably one of the most recognisable data sharing products, Microsoft’s SharePoint offers a multitude of features combined with an excellent a level of ease of use that many other products find hard to compete with. Often combined with 365, it is sold as a document management and storage system.

Box: Very similar to SharePoint is Box, competing directly with Microsoft. It’s ease of use/setup, cost, and no requirement to use any of its other software set it apart from SharePoint.

Best Practice

Securing the hybrid workforce requires careful consideration of what technology is put in place and I have covered this many times before. However, a major cause of data breach is human error.  The importance of employees understanding what behaviour is appropriate in terms of IT security is imperative, for any organisation, regardless of what technology is put in place to guard. Indeed, overzealous security measures can often take away that responsibility from the employee and impact by making processes a real chore – possibly putting the organisation at further risk by people trying to circumnavigate security for ease of use.  By promoting ongoing awareness and best practice training, an organisation stands the best chance of avoiding data breaches.

Some areas to explore when encouraging a culture of security and best practice include:

Password Hygiene: enforce password changes on a regular basis and consider multi factor authentication; both are ways of adding security to your organisation’s data.

Email security: A massive growth area for phishing attacks in the last year; email best practice is an important part of the organisation’s security strategy. Comprehensive user training in being able to spot the various techniques employed by scammers via email.  For the most sensitive of data, encryption apps should be considered, disguising information from potential hackers.

Endpoint devices: Equipping your workforce with the appropriate tools to do their work should be a key requirement for any organisation, ensuring that they are able to enforce restrictions for website, downloadable content, or applications; adding another layer of security. In addition, centralised software and antivirus updates can be rolled out remotely.  It is key that considerations regarding the type of device and indeed the software upon it, are aiming to facilitate the user to do their job, rather than hinder them.  This pre-empts employees either avoiding the device altogether or installing ‘Shadow IT’ where a better, none approved application is downloaded and used as it serves them better, ultimately putting security at risk.

The work environment: As well as making sure that your workforce has the right tools to do their work when working away from the office, it is important to make sure that they consider regular router password changes and multifactor authentication when logging on.

If, after reading this blog, you feel that it might be the right time to look more closely at how you are securing the hybrid workforce, having a partner who can help guide you through will be invaluable. Pendulum offers support and expertise to help you get the most out of your organisation’s infrastructure.

Please read my blog ‘building resilience in a hybrid workforce’, where I outline best practices around disaster recovery, business continuity and building in resilience into processes.

Pendulum is a leading IT company providing services, hardware, and software across the UK and internationally. For further information on securing the hybrid workforce or any other technology related issue, please contact me at mphiri@pendulum-it.com