We’re living in a new era of hybrid work – with over 70% of US companies now embracing flexible working arrangements for their employees. Rapid technological advancement has made it possible for businesses of all sizes to employ a hybrid workforce, without the need for complex IT infrastructure.
Stanley Chathuruthy, PaperCut’s IT & Security Manager, says, “The cost of cloud adoption has significantly come down in the last ten years or so, which has made remote working feasible even if you’re a new startup.”
While the shift to hybrid working has implications for cybersecurity, Anthony Radisich, PaperCut’s Head of Engineering, explains that this challenge is hardly new: “The breadth of the issue is more recent, but we’ve been working with a mobile salesforce for as long as I can remember,” he says. “When it comes to protecting company assets or IP, the same rules apply to someone who is out on the road or going to conferences as to someone working from their desk at home.”
So how can businesses ensure that cybersecurity is safeguarded in a hybrid work environment?
Education and awareness is key
According to Anthony, the most important step employers can take to cyberproof their hybrid workforce is to educate them: “I think a lot of it comes down to education and awareness, whether that’s through training programs or onboarding processes when you join or change your mode of work."
PaperCut has plans to roll out a self-paced program that will eventually form part of the standard onboarding process for new employees. Anthony explains, “We think the right approach is to treat security as an aspect of your OH&S (Occupational Health and Safety) training when you start working, because it’s about staying safe in the workplace whether that be remote or from the office.”
One unexpected advantage of hybrid working is that it has highlighted the importance of strong cybersecurity practices, both for workers and employers. “When everyone is on site all the time, it can potentially mask or hide issues,” Anthony says. “Hybrid working has shone a light on some of the bad cyber hygiene that may have evolved over time.”
Stanley adds, “We spend a lot more effort nowadays on cybertraining because not everyone is in the office. There has definitely been a change in mindset, which makes it a make it a bit more secure from that point of view.”
Cybersecurity best practice for hybrid workers
When it comes to enhancing cybersecurity, Anthony believes that a little can go a long way – once employees know what to look out for: “It’s simple things like making sure that you are password protecting your laptop, that it’s locked when you walk away from your desk, and you’re not using a common password across all your different logins. Don’t click on an email unless you’re confident of who the sender is, and don’t use your personal email.”
Despite the trend towards Bring Your Own Device (BYOD), a company-issued laptop is still the more secure option, due to the level of control that the IT team has over monitoring security and wiping data if the device is lost or stolen. If employees are using their own laptops, they need to be diligent about installing anti-virus software and applying regular patches or updates.
Hybrid workers must also exercise greater caution in public spaces like a café or an airport. Stanley advises, “The main thing to watch out for is being mindful of people around you and the information you’re sharing. The recommendation is that if you’re connecting to a network outside your office or home, then do it via a VPN or firewall. And if your device is outside, make sure it is set to automatically lock after a certain period – ideally, at least ten minutes.”
Companies can put in place additional measures such as two-factor authentication, which requires a user to log in with an SMS code sent to their phone – making it harder for a thief to access their accounts if their device is stolen. “It’s not difficult to enable but just adds an extra layer of security to any technology that you’re using,’ Anthony says.
Another challenge with remote working is that people may be reluctant to carry multiple devices for professional and personal use, so extra precautions are recommended. Anthony says: “You want to make sure that your phone has a strong passcode on it or you’re using Face ID or thumb print unlock to be ultra-secure with protecting sensitive data.”
Balancing convenience and security
Whether workers are at home or in the office, cybersecurity will always be a trade-off between security and convenience. “It’s about finding the right balance and encouraging people to accept a small amount of inconvenience,” Anthony says. “I think especially these days, a little bit of inconvenience can have a lot of value for security.”
But the balance between convenience and security depends entirely on the posture each business chooses to take. For example, a business working with highly sensitive information or more stringent standards such as healthcare, will likely have a much more locked-down environment where admins have greater access to employee devices for security management purposes.
Ultimately though, Anthony cautions that you can never have total control over people’s behaviour, including your hybrid workforce: “You have to be a little bit accepting that humans are humans so there will always be potential risk.”READ MORE ABOUT HYBRID WORKING