Four key considerations to uphold security in the virtual and hybrid workplace

After almost a year and a half of intermittent lockdowns and restrictions due to COVID-19, office workers around the world have almost universally adapted to remote and hybrid forms of working. It’s been a long journey, though there are signs of restrictions easing across Europe - and things are moving in a more positive direction. 

At the same time, there is evidence that some businesses will need to or even want to continue working in a blended way. As Gartner reports, almost half (48%) of employees will work remotely, at least some of the time, in the post-pandemic world, compared to only 30% before the pandemic. 

As businesses look at restructuring their ways of working, many aspects of how teams operate in both the short and long term will need to be addressed. This is especially relevant given the rapid, initial adjustments to working life that had to be made in March 2020 when the pandemic took hold of Europe, which have largely remained in place until now. As companies transitioned overnight to working from home, without knowing how long this ‘new normal’ would last, there was little time to prepare and safety measures were unfortunately deprioritised in the face of the virus.  

It is essential that companies assess and improve how employees are set up to work from home and in the office, especially from a security standpoint. This includes better quality and lasting provisions when it comes to system infrastructure, remote connectivity and accessibility, and how data is generally communicated and stored. 

There are several examples of practicality taking precedent over security. Firstly the widespread use of personal devices used for work and the exposure to unprotected internet connections. Ensuring workers have quality and secure internet connection is about more than avoiding patchy zoom calls; the reality of using a personal laptop on an unsecured network presents significant risks and could severely compromise any business. 

With more time to consider how operating in this way can create issues for businesses, assessing risks and taking steps to improve security is vital. There is no doubt that malicious attackers will have caught on and will seek to exploit those working from home and potentially compromise the overall security of a business. To help you understand these risks and help plan for them, we have put together four key areas to consider and look out for as the pandemic continues and hybrid working becomes the new normal.

Update data security policy for hybrid working 

Security in the workplace was a key concern before the pandemic, albeit an easier one to regulate, given most people worked in the same place. In this context, whole teams benefited from the use of only one network and a more unified approach to security best practices overall. It is essential for both leadership and IT teams to develop up to date security policies that reflect the reality of new working life. 

With these in place, management can make positive steps towards implementing and normalising a security-conscious workforce. Ensuring that employees are not only aware of the vulnerabilities present in everyday working life but have a framework in place that guides them into taking the necessary precautions, wherever they happen to be. 

Regulate use of personal devices 

A year and a half since the overnight adaptation to remote working, many still use personal devices, indicating that any security considerations are likely to have become relatively lax. Employees should not have to rely on their personal devices to be able to do their job, chiefly because these will not necessarily be set up to cope with business-related cyber risk, from important systems updates, to using quality firewalls and VPNs. 

Although most devices offer push notifications reminding users of important updates for example, IT teams have less oversight of these when it comes to personal computers. What’s more personal equipment can vary in terms of brand and operating system, making it more difficult for IT to keep tabs on employee’s security posture. Likewise, they cannot guarantee that users will even adhere to appropriate time frames prompted by their own computers when it comes to necessary updates and patching.  

Assess home setups and equip staff with the right tools 

A crucial part of establishing a better security setup is assessing the equipment already in place. Checking the working capacity of key equipment including routers, IoT, and other devices, is important to avoid vulnerabilities.

Consider equipping teams with the latest Wi-Fi 6 to increased speed and range, cutting through device-dense homes, or 4G/5G routers which offer independent bandwidth from existing home internet, or alternatively a VPN router which offers a secure and private connection from home to an office network. Updating routers to enhance security creates a safer way for people to connect and with plenty of options to choose from businesses should not hesitate to equip employees with the appropriate equipment. 

Educate staff on security risks and the importance of reporting  

Once a new working security policy has been developed and implemented, and vulnerabilities presented by existing devices assessed and remedied, an important action is to bring employees up to speed on how they can uphold security and their role within the company. A key aspect of this is reporting issues and incoming phishing emails, for example. Each employee must be conscious of their role in safeguarding against risks and management’s responsibility to educate them on the correct approach and check in on them to ensure compliance. 

Following a long period of adapting to remote working, companies of all shapes and sizes are now exploring how best to strike a balance between a return to the office whilst continuing to afford some of the flexibility their employees have become accustomed to in a safe and secure way. As it did at the start of the pandemic, technology continues to play a central role in how the future of work unfolds. As businesses take steps to ensure offices are equipped with the necessary infrastructure to enable hybrid working, upholding security and data privacy will be key.