"For Best View, Please Open this Website on Laptop / Desktop Or Mobile"

Search
Cancel
19 December 2022 / RQ SPEAK

Is Work From Home/Hybrid mode of working, the new security challenge?

Application Controls Audit

After the pandemic, companies have adapted to work from home/hybrid mode of working but there are some cybersecurity challenges to the same. This blog will help you look at these key challenges and mitigations around the WFH/Hybrid mode of working.

RQ SPEAK

Is Work From Home/Hybrid mode of working, the new security challenge?

 

We have successfully circumvented the pandemic and have learned to work from home or anywhere for that matter. The lines are blurring from the employee point of view whether--work from the office or work from home. The key driver for enabling work from home is due to availability of fast internet connectivity at a reasonable price. The net connectivity, quality of service has improved from the previous decade however we do have our own not so good experiences. 

As per a survey, the average US household had 10 connected devices in 2016. It is predicted that by 2022 it would rise to 50+ connected devices per household in the US. Even India is not far behind, as multiple connected devices per household have quadrupled. These connected devices, if not secured properly do present a potential threat of being hacked. The compromised connected devices at home can seep into the corporate network and infect precariously. The edge of the corporate network is now in the home or from where an employee can telework. The ownership of securing the devices, especially the connected devices at households is now shifted from employer to employee. However, cybersecurity is slowly and steadily becoming a favourite topic of discussion right from household to boardroom. Employees remain among the strongest or weakest links in their company’s cybersecurity defenses. The corporate’s have added mandatory awareness training modules to imbibe cybersecurity culture.

Looking at the current corporate scene, organization's worldwide have begun a mixed/hybrid mode of working thus allowing WFH (Work From Home) and WFO (Work From Office) in a working week. The mixed/hybrid mode of working clearly spells out cybersecurity challenges to IT Team, IT vendors, information security professional, CISO and security implementers.

 

Let us look at some of these key challenges and mitigations around them.

  1. Virus from an infected work from home system/device(s) may spread to enterprise network:
    • Implement technology checks where system/devices are not allowed to connect to the enterprise VPN unless they have an up-to-date antivirus with latest definitions/patches.
  2. Sharing of laptop password with family members:

    • Enforce information security awareness training covering Do’s and Don’ts for Work From Home users. As well as an undertaking viz. sign off from teleworkers which covers information security aspects for acceptable end-user practices.

    • Have a formal mechanism where all the requirements for data backup are identified and implemented to avoid cases of accidental data erasure, data leakage, etc.

  3.   Risk of downloading/printing organizational information:

    • Make sure technical controls are implemented to prevent downloading information on local systems as well prevent uploading on non-business apps or non-business websites

    • Have additional controls implemented that blocks USB ports of the teleworking device unless there is a justified business requirement

    • Establish rules to disable wired and wireless connectivity ports on user computing systems that could allow connection to a rogue printing or a multi-functional device

  4. Risks due to lack of reporting/under-reporting and response for an incident or event:

    • Ensure a process or a mechanism is in place which enables reporting and responding to an IT or security lapse/issue(s) faced by teleworkers


The enterprises have done well and have passed with flying colours on the business continuity however the WFH/Hybrid work security needs constant addressing as the enterprise security perimeter may not remain constant.