SMBs Must Manage the Cybersecurity Threats of Hybrid and Remote Work Environments

The global pandemic of 2020 caused a significant disruption in the way many organizations conduct business. In the midst of the pandemic work environment and beyond, remote and hybrid remote-workplace environments have clearly become a new norm for many organizations. As welcome a change as this has been for many employees, this shift presents serious cybersecurity challenges for employers.

Security chiefs must now find ways to support a complex and changing mix of remote and workplace workers, with company-provided and bring-your-own-device (BYOD) models. Hackers have taken advantage of the sudden shift to insecure home networks and poor security controls in corporate networks accessed by remote workers, and attacks are on the rise. Advanced “weapons-grade” hacking techniques and tools have been developed to exploit new loopholes and vulnerabilities, and businesses of all sizes have been affected.

Consider these statistics:

• The World Economic Forum estimates that cyberattacks jumped 238% globally between February and April 2020.
• At the onset of the pandemic in 2020, the FBI reported up to 4,000 new cybersecurity complaints per day, a 400% increase from previous levels.
• According to a global Check Point security survey, 71% of security professionals reported an increase in security threats or attacks since the beginning of the coronavirus outbreak and 95% report facing added IT security challenges.
• 61% of security professionals were concerned about the security risks of having to make rapid changes to enable remote working, and 55% felt that remote access security needed improving. 49% are concerned about the need to scale-up endpoint security.
• The leading threat cited was phishing attempts (cited by 55% of respondents), followed by malicious websites claiming to offer information or advice about the pandemic (32%), followed by increases in malware (28%) and ransomware (19%).

With remote and hybrid work, workers have more autonomy. With that, the risks of employees letting others use their work devices, downloading software not approved by IT, and using personal devices for work rises substantially, as do the corresponding risks of security breaches for each of these behaviors. According to HP World Security, the percentage of global IT decision makers who believe employees have increased their company’s risk of a security breach ranges from 85% to 88% for each of these risks.

Other, similar risks include computers that have been sitting idle without security patch updates, computers that sometimes connect to the internet without the protection of the corporate network, and computers that connect to smart home devices. Employees on the road or in coffee shops connecting to public wireless networks also presents a particularly high risk.

Here are 8 steps every small-to-midsize business (SMB) should take in 2021 and beyond to minimize vulnerabilities to cybersecurity attacks, especially in remote and hybrid workplaces:

1. Be vigilant about applying security patches to minimize vulnerabilities to hackers.
2. Train employees to spot and avoid cybersecurity threats such as phishing emails, but do not rely on this training as a serious counterthreat strategy.
3. Use multifactor, repetitive identity proofing which requires rigorous confirmation of user identity before entering the network.
4. Use “Zero Trust” architecture and security checks that exchange information in the background to verify whether users should have access to certain files.
5. Do not allow employees to connect their work devices to the internet without a corporate login, or to connect to personal IoT and smart devices.
6. Use endpoint detection and response (EDR) to aggregate and analyze end user data and detect points of vulnerability, as well as real-time threats.
7. Use unified endpoint management (UEM) solutions to bring deployment and monitoring of all mobile devices together, which supports bring your own device (BYOD) policies.
8. Use managed cloud-based cybersecurity services if you are a small-to-midsize business without the resources to support a hybrid workplace.

There is no one-size-fits-all approach to managing cybersecurity with the new hybrid and remote work arrangements. With increasing levels of intricacy, most SMBs cannot afford to go it alone, nor to manage physical IT environments. Virtualized cloud-based managed applications and cybersecurity services offer the necessary solutions to support the steps above in the new post-pandemic paradigm.