Hybrid work is very much in trend. Accordingly, employers are dealing more and more with the topic of a “hybrid workforce.” The issue of endpoint security is particularly important because working from home can ultimately pose an increased risk. BlackBerry, a provider of security software and services for the IoT, explains in three points what is important when it comes to cyber security in a hybrid work environment.
Hybrid work is in vogue, and it is impossible to imagine life without it. Since the beginning of the pandemic, many employees have got used to working from home. Although many restrictions are currently being relaxed, the same question often arises: will you go back to the office full-time? This idea seems unthinkable for many employees, as a study by the University of Konstanz shows. Employers have to prepare for a hybrid workforce that works from both home and office. The way employees connect to corporate networks plays an important role in endpoint security.
Current studies by AT&T show that 35 percent of respondents link their employer-provided devices (endpoints) with smart home devices. This increases the likelihood of an attack. The most popular networked home devices include voice assistants and smart speakers (14 percent each) and smart lighting (12 percent). The same AT&T report shows that one in five employees (20 percent) cannot be motivated to think about cyber security risks. This reveals a deep-seated and major problem: the increasing risk of employees who rely on end devices becoming victims of cyberattacks. Hence, no company can afford to ignore this group of workers. Especially considering the Federal Criminal Police Office figures show that online crime has been increasing in Germany for years. So how can a company protect its technology, end devices, and employees despite a lack of security awareness?
Optimal Cyber Knowledge
It’s not uncommon for employees to use unauthorized software or services to get their jobs done. By using workarounds or “shadow IT software,” employees often feel more productive. This is because such a way of working is easier for the average employee than the prescribed approach. The main reasons for this problem in companies and government institutions are outdated systems. To make matters worse, there are security measures that neglect user-friendliness.
In the majority of cases, hacks are the result of human error. This harbors great risks, especially when employees do not know what they should or should not do concerning cyber security. Therefore, companies and institutions should ensure that all employees are informed about the correct procedures and the consequences of risky digital behavior. In this way, they are made aware of the threat situation – and even the greatest skeptics can see that the situation is serious.
One method to easily secure internal and external personnel files is the zero-trust approach to access business files. This allows devices and technologies to be adequately protected. Several authentication factors, such as location information, are required for a user to gain access to the corporate network. As the name suggests, any attempt to log in is initially shown to be zero trusts. A continuous security risk assessment takes place in the background so that companies and their employees are consistently protected.
The idea behind Zero Trust is simple: Everything that wants to communicate with company data must first be classified as trustworthy. By default, everything starts with a zero confidence rating. The level of trust rises or falls depending on how the interactions between the corporate infrastructure and an external device run. The frequency of access to a device changes in real-time, along with its trust score.
Zero Trust security principles are the most secure way to give employees access to files and productivity software anywhere. Zero trust solutions that use machine learning (ML) and predictive artificial intelligence (AI) can also block attacks and enforce dynamically adjusted security policies. In this way, the company network can be successfully protected against human errors and well-intentioned but misguided security measures.
The Zero Trust approach solves the security problem when privately used technology is connected to work devices. But the risk of human error must also be eliminated. So how can companies create a safe, productive, and easy-to-use environment? And how can the 20 percent of employees who cannot be made aware of cyber security risks be protected without their active participation being required? The answer to this is the zero-touch approach to cyber security.
Zero Touch gives users instant access to their files without any intermediate steps. Employees can do their work without delay because they do not have to enter passwords, request special authorizations, or authenticate themselves multiple times. As a result, they are less inclined to look for unsafe alternative solutions. As with Zero Touch, there are no additional, time-consuming security routines for the user. It does not matter if one in five employees ignores the new security measures because they are completely integrated into the workflow. The bottom line: the company’s infrastructure is secured at all times, while employee productivity is not compromised.
It is often said that passwords are inadequate for online security because many users use insecure or easy-to-crack passwords. Instead of advising users to use more complicated passwords, IT teams should rely on advanced AI, continuous authentication, and a robust TCP / IP stack. Security approaches like Zero Trust and Zero Trust can do this. This way, they can enable secure interactions that protect users at the first sign of a cyber attack.