The coronavirus pandemic has forever changed the way we work. Individuals with desk jobs, in particular, now have more options in terms of where they work and live, and how they manage their time. Some will return to onsite facilities, while others will remain in home offices.
Organizations are now called to support a hybrid workforce future that offers potential benefits for both workers and enterprises. For example, employees are often more productive at home, and companies may be able to save on real-estate costs.
Yet, this landscape also comes with new security risks associated with less secure, at-home Internet connections and an expanded attack surface with numerous endpoints.
Experts recently discussed these challenges and pointed to solutions during an IDG TechTalk Twitter Chat, which was sponsored by Tanium.
Isaac Sacolick (@nyike), InfoWorld contributing editor and author of Driving Digital, led the discussion by posing the questions below. Answers are lightly edited for clarity.
As many organizations adopt hybrid working models, what are the biggest security risks organizations will face using this model?
Participants agreed that the lack of a traditional security perimeter represents perhaps the biggest challenge to organizations in the hybrid work environment.
Yet, that’s nothing new, replied Ben Rothke, information security manager at Tapad.
However, new risks come from employees who may be less attentive in a work-from-home environment, according to author and journalist Steven M. Prentice.
Wayne Anderson, security architect at Microsoft, also pointed to user behavior as a significant risk factor.
In other words, the perimeter can no longer provide the level of security that today’s organizations need.
What are the endpoint security challenges in the return-to-work and hybrid workforce?
The IDG TechTalk participants cited user devices acting as Trojan horses as one of the biggest challenges facing IT departments in the hybrid work world.
The risk is heightened the longer devices spend away from the protection of corporate networks. As enterprise technology leader Larry Larmeu tweeted:
As for the most destructive malware that can infect those endpoints, Rothke singled out ransomware.
What capabilities do IT security teams require to more easily manage and maintain endpoint security in the hybrid workforce?
Employee training can effectively counter ransomware that targets user devices, according to TechTalk participants.
Of course, training can only go so far. Technology, including artificial intelligence (AI), also has a critical role to play.
How does real-time visibility into endpoints benefit IT security teams and the hybrid workforce?
Real-time visibility into abnormal usage patterns makes all the difference between a compromised company network and secure operations, participants agreed.
But no amount of visibility can compensate for bad decision-making, as senior technology leader Amélie E. Koran pointed out.
In other words, technology depends on people to help secure the hybrid workplace. That includes employees with proper training to avoid phishing scams and other attacks that prey on inattentive users. And the right training and skillsets for IT professionals to keep an eye on abnormal activity that technology might surface on attacks in progress.