Cyber risks increase as hybrid staff head for vacations
This year, it is expected that many employees will request a hybrid holiday – an emerging trend where longer holidays are booked with the intention of spending time working remotely from a travel destination.
In fact, a recent survey by Virgin Media O2 revealed that 76% of workers polled were considering adding remote-work days around their annual leave as part of an existing trip.
“Employers should be aware that, while offering benefits around employee wellbeing, these arrangements also pose greater security risks,” says Rajesh Ganesan, president of ManageEngine and an IT veteran with more than 20 years of experience in the industry.
“Workers could be logging onto company servers from hotel lobbies, cafes, beach bars, airport lounges, or private villas across multiple destinations. Operating across this variety of uncontrolled networks increases the attack surface and leaves businesses more vulnerable to cyberthreats.”
Ganesan emphasises the risks that employers will need to consider to ensure that this popular new benefit does not compromise company security. He notes, "There will be more changes in the working model, and this will call for the traditional and legacy models of security to change, too. These changes stretch beyond just protecting corporate boundaries and individual cloud services. They also become imperative for our thinking to change holistically to a new model comprised of three security aspects: identity security, device security, and infrastructure security."
Three security risks bosses should consider as hybrid workers plan holidays
1. Identity security
While on a vacation, devices are often shared with family, friends, and even strangers. This could be to check emails, make payments, watch videos, or upload the latest holiday updates on social media.
However, that same device that's being used to carry out these personal tasks might also hold confidential company data. With device services functioning on data exchange, a person’s digital identity, such as credentials, passcodes, and accounts could very easily be compromised—and without them knowing.
Implementing a continuous Zero Trust model could help keep things in check, as it requires all users to be authenticated and validated for security configurations before they are granted access to corporate applications and data.
2. Device security
It’s difficult to navigate in a foreign destination without the help of your smartphone, tablet, or other mobile device. When employees head off on vacation in a new destination, they often download new applications on the same personal devices they use for work purposes. This could be to book tickets for travel and activities, to hail a cab, or to pay for a meal.
Laptops, phones, tablets, and other endpoints are often exposed to unknown data channels while the device is actively logged on to a corporate network. And it's not just devices that pose a risk. Applications being temporarily installed on a phone can have disastrous results; it could instigate a phishing attack or result in malware or spyware making its way onto the device—all it takes is one dodgy public Wi-Fi connection for a hacker to compromise a device.
These endpoints are easy vectors for carrying out attacks on the corporate network once compromised, which highlights the need for organisations to implement unified endpoint management to remain secure.
3. Infrastructure security
This encompasses all elements of the network and its devices, both on-premises and in the cloud. With devices used in different regions and across all types of network connections, an organisation's infrastructure is left open to vulnerabilities.
Monitoring all events occurring across a network and identifying patterns and anomalies proactively is the best security strategy. The organisation's IT security team should be advised of anyone working outside a secure office network, so it can be prepared to take action as and when secure access is compromised.
Ganesan advises that “focusing on and investing in identity, device, and infrastructure security gives organisations the confidence to run complex corporate networks and enable employees to enjoy the freedom of working from any place with an internet connection.”
About IT management software company ManageEngine
ManageEngine, celebrating 20 years in the industry, crafts comprehensive IT management software. It provides more than 120 award-winning products and free tools to cover all IT needs. More than 280,000 organisations across 190 countries trust ManageEngine.