More and more organisations have employees working in the office and remotely. Hybrid working can lead to new security challenges, partly because employees access corporate data and systems from different locations and devices. It’s therefore crucial for organisations to implement effective security protocols to protect their corporate data and systems from cyber-attacks and other threats. In this article, we discuss the importance of security for organisations with a hybrid workforce.
The importance of hybrid working
A US study shows that employees working from home are 47 per cent more productive. At the same time, the office is essential. Collaboration, being together, creativity and innovation tasks, training, learning from both leaders and mentors: it is all proven to be more effective in the office. Hybrid working combines the best of both worlds and is becoming the norm for organisations. It’s very important that organisations know how their employees can safely work remotely.
Safe working as a challenge
Employees who work hybrid benefit from increased productivity and a better work-life balance because they can schedule their own hours flexibly. The fact that employees work more productively from home does not mean that they also work securely. There are a number of common security risks that you need to be aware of as an organisation.
Use of personal devices
Unauthorised personal devices not under the control of the organisation do not provide the same level of protection as devices issued by the organisation.
Hybrid working increases the number of different devices being used. Employees working from home also use their home network and associated hardware (such as routers). All these devices and networks are ‘vectors’ that increase the attack surface.
Good security is essential
Digital threats continue to increase, so good security is essential. Among other things, it helps to:
- Prevent cyber-attacks and data breaches – and thus avoid both operational and reputational damage and high GDPR fines;
- Protect employee and customer data, for example sensitive data such as medical and financial data;
- Be compliant with laws and regulations (including the GDPR) and quality standards (such as ISO 27001).
Especially for organisations that are highly digitised, optimal security is essential for business continuity.
Hybrid working: effective security measures
The risks of hybrid working will be clear by now. The following 9 security measures are effective in minimising these risks.
#1 The right applications
Don’t rely on security applications alone, although they can be helpful or even essential. Consider applications for proactive monitoring and detection, Security Information & Event Management (SIEM), Privileged Identity Management (PIM), Intrusion Detection System (IDS), Patch Management and Vulnerability Scanning.
#2 Train employees
Fact of the day: two-thirds of security incidents can be traced back to human error. It’s extremely important to train all employees on cybersecurity. Possible topics include using applications safely, handling (sensitive) data, recognising phishing and pointing out the risks of shadow IT.
#3 Authorisation management
The least privilege principle is an important part of security. By giving employees only the access and authorisation they need to do their job, you prevent inappropriate and unsafe use of applications and the digital workplace. For example, you ensure that people can only access information intended for them, and that they cannot add users to applications those users should not have access to.
Workspace 365 supports role-based access control (RBAC), a method of access control that is desirable for your management organisation. With it you can, for example, place a marketing employee in the marketing group so that they automatically get all relevant applications within Workspace 365.
#4 Secure applications and data on-site
It’s important to secure applications and data not only centrally, but also where they are located. For example, consider endpoint protection for devices outside the corporate network. This can be done via Microsoft’s Intune Mobile Application Management, which you can also apply within Workspace 365. Because business applications are managed with Intune, it no longer matters whether a device is personal or not.
#5 Protect your cloud landscape
The cloud is generally more secure than on-premises applications and data. Nevertheless, it is vital to take cloud security seriously, for example by making sure you don’t show sensitive information to people who have no right to it.
#6 Establish and update security policies
A solid security policy is the foundation of your cyber security. Policies address, among other things, remote access to applications, password guidelines, incident response, physical security, and rules for the use of, for example, social media and e-mail encryption. As an organisation, it’s also important to get, for example, an ISO certification, which looks at how processes in the organisation are set up, managed and improved. This audit is carried out every year. After all, both cyber threats and one’s own organisation are constantly changing.
#7 Review frequently used applications
Always test frequently used applications against security policies. For example, should Multi-Factor Authentication settings be changed? Should access for specific roles, devices or networks be restricted via Conditional Access? Are the permissions for and access to applications and information all up to date?
#8 Special focus on digital communication
With hybrid working, employees make greater use of online communication tools such as e-mail and Microsoft Teams. Things like phishing and sending files pose additional security risks. Moreover, the more digital communication takes place, the higher the risk of data leaks. The security of digital communication therefore requires special attention, with measures such as periodic training.
The digital workplace as a boost for security
The digital workplace is not an additional factor within your IT architecture that poses a threat. Rather the opposite: a digital workplace has many security advantages, such as:
Less shadow IT
Does your organisation have one well-designed and user-friendly digital workplace, integrating everything people need for their work? Then employees no longer need to reach for all kinds of tools that are out of IT’s control. Besides security gains, this delivers another important benefit: your digital employee experience (DEX) improves.
SSO and MFA
With Single Sign-On (SSO), employees have a single password for all the applications they need. This increases security, as employees need to log in less often and the chances of forgetting login details or storing them somewhere insecure are reduced. A digital workplace can easily include Multi-Factor Authentication (MFA). This is a particularly effective measure: according to Microsoft, MFA prevents 99.9 per cent of identity attacks.
Conditional Access allows you to set restrictions on access to certain applications from certain networks, browsers, operating systems or devices. Examples include not being able to access patient data outside the corporate network and blocking sensitive information on mobile devices.
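The two restrictions named above (patient data only from the corporate network, no sensitive information on mobile devices) can be modelled as block rules evaluated against the context of each request. This is an added illustration in Python, not Microsoft's or Workspace 365's policy engine; the application names, the corporate address range and the MFA rule are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder: the address range the organisation treats as "corporate".
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]

@dataclass(frozen=True)
class Request:
    app: str          # application being opened (hypothetical names)
    source_ip: str    # client address as seen by the identity provider
    device_type: str  # "desktop" or "mobile"
    mfa_passed: bool  # whether the sign-in completed MFA

def on_corporate_network(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparseable address is treated as untrusted
    return any(addr in net for net in CORPORATE_NETS)

# (rule name, applications covered or None for all, predicate that is True when blocking)
RULES = [
    ("patient-data-corporate-only", {"patient-records"},
     lambda r: not on_corporate_network(r.source_ip)),
    ("no-sensitive-data-on-mobile", {"patient-records", "finance"},
     lambda r: r.device_type == "mobile"),
    ("mfa-required", None,
     lambda r: not r.mfa_passed),
]

def evaluate(req: Request) -> tuple[bool, list[str]]:
    """Return (allowed, blocking rule names); any matching block rule denies access."""
    blocked_by = [name for name, apps, blocks in RULES
                  if (apps is None or req.app in apps) and blocks(req)]
    return (not blocked_by, blocked_by)

if __name__ == "__main__":
    samples = [  # constructed sign-in contexts
        Request("patient-records", "10.20.5.7", "desktop", True),
        Request("patient-records", "203.0.113.9", "desktop", True),
        Request("finance", "10.20.5.7", "mobile", True),
        Request("intranet", "203.0.113.9", "mobile", True),
    ]
    for s in samples:
        print(s, "->", evaluate(s))
```

Returning the names of the blocking rules, rather than only a yes or no, gives the help desk and the audit trail a reason for each denial.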
Within the digital workplace, it’s possible to apply an endpoint management solution such as Microsoft Intune. Intune is a cloud-based Mobile Device Management (MDM) and Mobile Application Management (MAM) solution that simplifies the management of various endpoints. Through endpoint management, endpoints can be better secured by regulating the sending of (corporate) data, protecting corporate e-mail accounts and configuring device update settings, among other things.
State-of-the-art security from Microsoft 365
By integrating Microsoft 365 within your digital workplace, your organisation benefits from state-of-the-art security solutions. Think endpoint management and high-quality encryption. For instance, it’s possible to retrieve work files from a device if it’s stolen or lost and to force people to store work files in OneDrive for Business. Also worth mentioning is Identity & Access Management (IAM) based on Active Directory.
Adaptive digital workplace
An adaptive digital workplace such as Workspace 365 adapts to the employee: applications, data, documents, processes and tasks are offered in a personalised way. What exactly is displayed on the dashboard depends on a person’s location, network, role and device, among other things. Employees find everything they need in one digital – well-secured – workplace.