As many employees begin to return to work, they are bringing the personal devices they have been using for months, and their potentially compromised security, back with them. Firms must now ensure that laptops, tablets and mobile phones for corporate use have the minimum viable endpoint protections for off-LAN activity and are completely evaluated before employees return to work. These vulnerable personal devices could be the golden ticket that bad actors are hoping will grant them unauthorized access to your firm’s infrastructure. By clearly understanding the options available for maintaining cybersecurity in the hybrid workspace, firms can effectively implement plans, customized to their specific business operations, to protect themselves from potential vulnerabilities introduced by employees returning to work.
It’s important to realize that there is no one-size-fits-all solution. However, there are a number of tried and tested options that improve your firm’s security posture.
A data lake security solution ensures that users only have access to the data they need according to the firm’s security and access policies. This can help to limit the collateral damage a compromised device can cause to a firm.
Other ways to segment user access are Portals and Direct Application Access, where employees working from home can access data and applications through browser-based webpages or a virtual desktop, without accessing the entire network. All information from these applications, which are usually located on the perimeter of a network, is stored on the portal’s server and cannot be downloaded or saved on an employee’s device without permission.
Disclosure related to an employee’s potential exposure to COVID is now standard for most firms that have returned to the office. However, this presents an unprecedented challenge. Previously, a firm may have had sensitive information that was protected and isolated within the HR department. Now, having HR manage the daily COVID disclosure is difficult, due to the unprecedented amount of personal health information that is gathered on a daily basis. It is of the utmost importance that firms restrict access to this information and encrypt it to ensure they remain compliant with the Health Insurance Portability and Accountability Act (HIPAA); otherwise firms could face fines and other punitive regulatory action for not handling this data responsibly. One simple example of a cloud-powered, automated process that can efficiently do this is an automatically generated survey that can replace a handwritten log or Excel worksheet.
A firm’s critical applications no longer have borders, meaning that security solutions have to protect the data as well as the perimeter. Trust should not be given freely. By following a zero-trust approach, or verifying every device in or out of the firm’s security perimeters, firms will be able to provide their employees with the necessary cyber protection that is expected by both institutional investors and regulators.