Here are your security blindspots in the new hybrid workplace

The hybrid workplace increases your client’s cyber risk exposure, as cybercriminals have spotted new opportunities with a distributed workforce and are determined to exploit soft spots associated with remote work, HP suggests.

According to the HP Wolf Security Blurred Lines and Blindspots report released in May, 91% of Canadian IT decision-makers now believe endpoint security has become as important as network security.

“Attackers are taking advantage of these security blindspots, which is why it is essential to make endpoint security a priority like never before,” Mary Ann Yule, president and CEO of HP Canada, told Canadian Underwriter Friday.

Endpoint devices include laptops, printers, desktops and smartphones connected to the internet. At a time when more employees are using corporate devices for personal use, they are especially challenging for IT teams to protect, Yule said. “As security teams adapt to hybrid workplaces, they need new levels of endpoint protection beyond the corporate network that offer advanced and transparent remote management while remaining unobtrusive.

“As more endpoint devices move towards wireless connections, HP believes in security that is built-in rather than bolted-on to provide a more seamless end user experience,” Yule said. “A more digital world doesn’t have to mean a more vulnerable one.”

For many Canadians, work and home life have blended. HP found as many as 35% of Canadian office workers admit to using their work laptop for personal use alongside work. “And this shift in behaviour comes with risks,” Yule said.

HP used data from a Toluna survey of 1,100 IT decision makers in Canada, the United States, the United Kingdom, Mexico, Germany, Australia and Japan combined with a global YouGov poll of 8,443 office workers in the same seven countries.

Besides using work devices for personal use, the YouGov poll found that nearly half (48%) of younger office workers surveyed viewed security tools as a hindrance, leading 31% to try to bypass corporate security policies to get their work done.

“Outside of IT teams, cybersecurity is not top of mind for everyone on a day-to-day basis, which has created tension among employees who are disconnected from the consequences of putting their organizations at risk,” Yule said. “Employees working from home can be apathetic towards updated security measures, sometimes outright rejecting them.”

The survey results from the HP Wolf Security Rebellion and Rejections report found that 48% of office workers polled agreed that “seemingly essential security measures” result in a lot of wasted time — this rises to 64% among those aged 18-24. Over half (54%) of 18-24-year-old home workers were more worried about meeting deadlines than exposing their organization to a data breach; 39% were unsure what security policies say, or do not know whether their company even has them.

What measures can employers and employees take to protect the business? Businesses need to equip their teams with user-friendly security tools that are simple to learn and easy to use, Yule said.

For their part, employees should participate in security training when it’s offered and routinely practice good cybersecurity hygiene. “By simply following tips around proper technology use — such as only using work devices for work-related purposes, not sharing them with family members, and accepting some specific websites may be blocked for cybersecurity safety — employees can significantly reduce their risks,” Yule said.

“It is important for organizations to equip IT teams and employees with secure-by-design technology that helps them work with a certain level of freedom without sacrificing security,” she said. “Embedding security into IT policies, technology and importantly organizational culture is now required for a secure workplace that contributes to the safety of the entire country.”

 

Feature image by iStock.com/stuartmiles99