Up until recently, the only hybrid most people knew about was the Toyota Prius.
But now that Covid-19 work-from-home restrictions are lifting, many companies are downsizing their workspaces and switching to hybrid work: allowing their workers to either split their time between home and the office, or having some people work remotely while others come in.
Either way, hybrid workforces may present a challenge for information-technology departments as systems have to be protected in both office and remote locations, as well as during the commute from home to office.
If the past year is any indication, companies have underestimated the threat.
A survey by California-based cybersecurity company CrowdStrike reported a hundredfold increase in cybercrime during just the first three months of the pandemic. Yet 89 percent of global respondents thought their devices were safe from advanced cyberthreats, the survey showed, and 50 percent believed their businesses were not more likely to be a victim of cybercrime due to remote work.
When it came to providing extra security, the survey said 33 percent of large organizations had done nothing, compared to 43 percent of medium-size organizations and 69 percent of small organizations.
As we enter the hybrid-work era, tech workers are already feeling the stress.
According to a study by enterprise-software company meQuilibrium, the pandemic workload has led tech workers to experience a 23 percent increase in burnout and a 30 percent decrease in motivation.
Additionally, a study by Dell and EMOTIV showed that when technology wasn’t working effectively, employee stress levels doubled and productivity diminished, putting even more pressure on IT departments to make sure everything was working properly.
Simplifying the process
Yet, according to 30-year IT veteran John Luludis, president of Superior Technology in Pearl River, New York, hybrid work doesn’t have to translate to an increased workload for IT staff if they implement the proper security systems.
Essential to simplifying the process is not viewing home and office locations differently, while trying to avoid BYOD (Bring Your Own Device) as much as possible, Luludis says.
“Wherever people are working is their workplace,” he said. “Whether people work in or out of an office, security has to be the same. We only allow access from company-owned devices so the security software is the same and users must get in through a VPN [Virtual Private Network].”
Luludis notes that companies need to understand that the cost of upgrading equipment and security is small compared to the cost of a successful cyberattack.
He offers a number of tips for companies to consider:
- To ensure that there aren’t vulnerabilities, home and office equipment must be treated in the same way. There can be no trade-offs with equipment and/or software.
- Limit access within the network by using a VPN. Be more restrictive with access from outside.
- Insist that there are no wireless entry points that can be leveraged.
- When people are not in the office, turn off your wifi network.
- Hold training sessions for employees so they can better recognize phishing attempts and other illegitimate emails.
Perhaps the key factor for hybrid security is discipline and organizations need to show discipline by adhering to their security principles and not allowing shortcuts, according to Luludis. He adds that remote workers should show discipline by not using their work computer on a coffee shop wireless network, for example, and keeping friends and children off their work computer. It’s their work computer.
A hidden opportunity
Human-resources consultant Talia Edmundson of Philadelphia-based HRnB Consulting points out that some companies may have had poor security before Covid hit, so hybrid work may actually give them a chance to address their shortcomings.
“It depends on whether the work environment was bring-your-own-device before Covid,” Edmundson said, adding that if employees were working on their own devices, security was always at risk.
“If an employee is on a company-owned device” — and the company has taken the proper steps regarding security — “it’s not as much of a problem,” she noted.
Edmundson says security issues arise because too many companies “may have been willfully unprepared” for workplace changes and then were unable to purchase equipment, because of shortages, when the crisis hit.
“If a company is not invested in technology, that needs to be a focal point,” she said.
Facilitate work during a transitional period
Considering employee difficulties during this transitional period is important if employers want better buy-in from their remote/hybrid workforce, Edmundson says. To limit worker stress, the ease and comfort of remote and in-office environments should be roughly equivalent.
With their IT staff, companies should review their software and other IT-related services to make sure systems are running seamlessly for both remote and in-office employees. Does the software work as smoothly from home as it did in the office? Waiting for a VPN connection is the type of thing that frustrates workers and leaves them more likely to interact with the network in a riskier way, Edmundson says.
She also recommends that employers make sure remote workers have the right equipment — and not only properly secured laptops. In the office, an employee may have an ergonomic desk and chair, a hands-free headset for their phone and a pleasant, climate-controlled environment.
At home, they may be balancing on a stool while their computer is on an ironing board. And If they have to carry their laptop back and forth to the office, do they have a proper, padded carrying case or backpack?
Edmundson says that if employers are committed to hybrid work for the long term and are downsizing their office space, “they should take some of that money they’re saving on their lease and improve their employees’ equipment.”