Cyber risks increase as hybrid staff head for vacations

By Rajesh Ganesan, president of ManageEngine
Rajesh Ganesan, president of ManageEngine, highlights the top three security risks employers should be aware of as more staff seek a hybrid holiday

This year, it is expected that many employees will request a hybrid holiday – an emerging trend where longer holidays are booked with the intention of spending time working remotely from a travel destination.

In fact, a recent survey by Virgin Media O2 revealed that 76% of workers polled were considering adding remote-work days around their annual leave as part of an existing trip.

“Employers should be aware that, while offering benefits around employee wellbeing, these arrangements also pose greater security risks,” says Rajesh Ganesan, president of ManageEngine and an IT veteran with more than 20 years of experience in the industry. 

“Workers could be logging onto company servers from hotel lobbies, cafes, beach bars, airport lounges, or private villas across multiple destinations. Operating across this variety of uncontrolled networks increases the attack surface and leaves businesses more vulnerable to cyberthreats.”

Ganesan emphasises the risks that employers will need to consider to ensure that this popular new benefit does not compromise company security. He notes, "There will be more changes in the working model, and this will call for the traditional and legacy models of security to change, too. These changes stretch beyond just protecting corporate boundaries and individual cloud services. They also become imperative for our thinking to change holistically to a new model comprised of three security aspects: identity security, device security, and infrastructure security."

Three security risks bosses should consider as hybrid workers plan holidays

1. Identity security

While on a vacation, devices are often shared with family, friends, and even strangers. This could be to check emails, make payments, watch videos, or upload the latest holiday updates on social media.

However, that same device that's being used to carry out these personal tasks might also hold confidential company data. With device services functioning on data exchange, a person’s digital identity, such as credentials, passcodes, and accounts could very easily be compromised—and without them knowing.

Implementing a continuous Zero Trust model could help keep things in check, as it requires all users to be authenticated and validated for security configurations before they are granted access to corporate applications and data.   

2. Device security

It’s difficult to navigate in a foreign destination without the help of your smartphone, tablet, or other mobile device. When employees head off on vacation in a new destination, they often download new applications on the same personal devices they use for work purposes. This could be to book tickets for travel and activities, to hail a cab, or to pay for a meal.

Laptops, phones, tablets, and other endpoints are often exposed to unknown data channels while the device is actively logged on to a corporate network. And it's not just devices that pose a risk. Applications being temporarily installed on a phone can have disastrous results; it could instigate a phishing attack or result in malware or spyware making its way onto the device—all it takes is one dodgy public Wi-Fi connection for a hacker to compromise a device.

These endpoints are easy vectors for carrying out attacks on the corporate network once compromised, which highlights the need for organisations to implement unified endpoint management to remain secure.

3. Infrastructure security

This encompasses all elements of the network and its devices, both on-premises and in the cloud. With devices used in different regions and across all types of network connections, an organisation's infrastructure is left open to vulnerabilities.

Monitoring all events occurring across a network and identifying patterns and anomalies proactively is the best security strategy. The organisation's IT security team should be advised of anyone working outside a secure office network, so it can be prepared to take action as and when secure access is compromised.

Ganesan advises that “focusing on and investing in identity, device, and infrastructure security gives organisations the confidence to run complex corporate networks and enable employees to enjoy the freedom of working from any place with an internet connection.”

About IT management software company ManageEngine

ManageEngine, celebrating 20 years in the industry, crafts comprehensive IT management software. It provides more than 120 award-winning products and free tools to cover all IT needs. More than 280,000 organisations across 190 countries trust ManageEngine.


Featured Articles

Amelia DeLuca, CSO at Delta Air Lines on Female Leadership

Driving decarbonisation at Delta Air Lines, Chief Sustainability Officer Amelia DeLuca discusses the rise of the CSO and value of more women in leadership

Liz Elting – Driving Equality & Building Billion-$ Business

Founder and CEO Liz Elting Turned Her Passion into Purpose and Created a Billion-Dollar Business While Fighting for Workplace Equality – and Winning

JPMorgan Chase: Committed to supporting the next generation

JPMorgan has unveiled a host of new and expanded philanthropic activities totalling US$3.5 million to support the development of apprenticeship programmes

How efficient digital ecosystems became business critical

Technology & AI

Mastercard: Supporting clients at a time of rapid evolution

Digital Strategy

Why Ceridian has boldly rebranded to Dayforce

Human Capital