In hybrid workspaces, the way employees are working has changed the security risk landscape for organizations.
As COVID-19 restrictions ease, many global companies, including KPMG, Salesforce, and Spotify, are announcing hybrid working arrangements that allow employees to mix traditional office time with remote work.
A hybrid work model involves flexibility, mobility, and communication across many channels and apps. When designing a hybrid work model, businesses must be aware of potential security risks and challenges – and address them properly. Otherwise, sensitive data might easily end up in the wrong hands, resulting in potential damage to your business, such as compliance fines, lost IP, or negative brand reputation.
During our live Security Briefing, Securing your business for a new hybrid workforce, our focus was on the impact of a hybrid model on data security. Our founder and CEO, Roman Foeckl, together with Zoran Cocoara, Enterprise Specialist, and Tim Deluca-Smith, CMO, discussed how companies migrating to a more permanent hybrid model could achieve a safer work environment and create a frictionless employee experience. They also provided real-world examples of the challenges that organizations encounter in data protection, and use cases of how our enterprise-grade Data Loss Prevention (DLP) solution can help enterprises on their way to security and compliance with a hybrid workforce.
Here are some of the most important highlights from the Security Briefing.
Internal threats are prevalent in hybrid workspaces.
During the Security Briefing, we also asked our attendees about their own critical security challenges. According to attendees, the top three challenges include files saved to cloud storage apps, files saved to local desktops, and personally identifiable information (PII) being shared over messaging apps. This underlines that besides malicious outsiders, insider threats are responsible for some of the most severe security incidents, and these often happen due to human error.
“There are always going to be malicious attempts on company information, but in the majority of cases, this isn’t about bad actors. It’s usually just employees who want to get their work done,” Tim mentioned.
“And there’s always this balance: an organization wants to make sure that it has got the technology and the processes, and all the training in place to secure their data, but I guess it has to balance that with the needs of the employees. The risk of becoming overly restrictive can potentially drive employees to shadow IT apps,” he added.
As a result, when organizations are looking to deploy security solutions, they should opt for tools that are easy to deploy and don’t affect employee productivity.
The complexity of data security
If you’re looking to protect sensitive data, the first step is to understand your organization from a data and user point of view. Choosing the right tools comes after.
“It’s incredibly important to understand what your organization is. Look at it from a user point of view: who are your users, what are the processes, what do the users need in terms of data in order to do their job? What is the actual data, where does it reside, and where should it reside?” – explained Roman.
Companies that manage to map these out can efficiently ensure data security without slowing down employees or compromising compliance.
“Every company has multiple departments, and they all might function very differently. So I think it’s very hard to put data, users, use of data – all of those things in line. It’s an incredibly challenging task, but if you do it right, and you look at it in a pragmatic, realistic way, it’s possible to put the right tools into place” – Roman concluded.
Hybrid work is like a double-edged sword
A remote or hybrid work environment comes with increased security threats, but it also holds great opportunities for companies to reduce shadow IT and build out a tech stack that meets users’ needs for collaboration and sharing across teams and locations. Businesses can gain control over the information flow by having standardized collaboration apps to share data and eliminate non-standardized ones.
“You can’t forbid users to share sensitive data between them or even with customers, but what you can do as a company is to create a secure environment for that. As a result, companies started to standardize certain messaging applications and collaboration applications, like Slack, Zoom, Webex, SharePoint, Teams, Skype for Business. Having standardized apps for data sharing, users have no excuse to use non-approved apps, because they are provided with all the tools they need to do their job,” Zoran said.
Besides this, security tools, like Endpoint Protector, can give organizations a greater overview and control of their data. This is done by monitoring the possible exit points and preventing data transfers through non-approved communication channels. Examples include files being printed, uploaded to personal Dropbox folders, or sent outside the company over Skype.
Watch the Security Briefing and learn more about:
- How has the last year influenced how we work and has it changed how we think about data security? [3:39]
- Has this increased risk changed organizations’ perception of risk? Do they see new challenges that didn’t exist two years ago? [20:33]
- How should we think about employees in this new threat landscape? How should organizations balance the need for security with the employee experience? [22:30]
- Is it just a technical challenge? How much do culture, education, and training come into building a robust security strategy? [25:52]
- How can organizations better plan their DLP strategies? [30:09]