In the age of hybrid work and bring-your-own-device (BYOD) programs, the landscape of employment has undergone a transformative shift.
Recent surveys underscore the preference for hybrid work, with a significant majority of employees expressing their desire for flexible work options. In a survey conducted by Accenture, an astonishing 83% of 9,326 respondents expressed their preference for a hybrid work model. Moreover, Microsoft’s 2021 Work Trend Index reveals that more than 70% of workers are eager to retain flexible remote work options, while 66% of business leaders are contemplating the redesign of physical workspaces to better accommodate the demands of hybrid work environments.
However, adapting to this new way of working requires addressing the security challenges it presents, challenges that many companies are not fully prepared for. For example, it’s important to note that traditional perimeter security solutions, such as firewalls and intrusion prevention systems, have lost much of their relevance. This is primarily because employees may now access the company network from potentially unsecured locations, like public Wi-Fi hotspots, which are susceptible to eavesdropping attacks. Furthermore, when employees connect to the network using their personal devices, there’s a significant risk that these devices may already be infected with malware. Compounding this situation, many companies have yet to establish a formalized remote access policy. To ensure that your company can effectively safeguard its critical systems and assets in the context of a hybrid working environment, it’s imperative to consider five key areas.
- Secure Data Backups
It is crucial to regularly and securely back up all essential files. Storing valuable data on a PIN-authenticated, encrypted USB flash drive or HDD/SSD can prevent businesses from experiencing the significant disruption of losing access to vital information in the event of a ransomware attack. It’s important to emphasize that all staff, especially those working remotely, should maintain a secure Wi-Fi connection and ensure that their security software is up to date to proactively prevent such attacks.
When selecting an encrypted drive for data backups, opting for one with an on-device crypto-chip providing AES-XTS 256-bit hardware encryption is imperative for the highest level of protection. This ensures that in the unfortunate event of the encrypted device, such as a USB flash drive or hard disk drive, being lost or stolen, there will be no risk of a data breach leading to the exposure of client or company data.
Moreover, the encrypted USB flash drive or HDD/SSD should incorporate an additional layer of security, such as a Common Criteria EAL 5+ (Hardware Certified) certification. This certification entails the integration of built-in physical protection mechanisms designed to thwart a wide range of cyber attacks, including those aimed at exploiting side-channel vulnerabilities.
- Safe File Transportation
When taking work home, it is essential to do so securely by using a PIN-protected, encrypted USB flash drive or HDD/SSD. In the event of the drive being lost or stolen while employees transport files or work remotely, employing the aforementioned encrypted drive will enable organizations to mitigate the risk of unauthorized data access or viewing.
Furthermore, these drives can be made accessible only through the input of a unique 7-15 digit PIN, thus ensuring that unauthorized individuals are prevented from accessing the data stored on the drive. It’s worth considering an additional security feature: Limiting brute force attempts. If an incorrect PIN is entered a specified number of times, all previously stored data on the drive is deleted and the drive is reset.
To enhance security further, the drive should automatically lock when the power to the USB port is turned off, when it is disconnected from the host device, or after a predetermined period of inactivity. Additionally, using a drive that can be configured as read-only (write-protected) will guarantee that data cannot be illicitly modified.
- Cloud Data Encryption
While the cloud is a popular choice for hybrid working, it comes with significant security concerns that often deter businesses from storing highly confidential information in cloud repositories.
To ensure data privacy in the face of common threats like DDoS and malware attacks, it is crucial to employ encryption for data both in transit and at rest. Data encryption renders stored and transmitted data indecipherable and unusable in the event of theft or unintentional data leakage.
However, it’s essential to note that encryption should not rely solely on the cloud service provider. Server-side encryption, where the encryption key is stored in the cloud, poses a risk as it can be accessed by hackers and cloud staff. Therefore, the best practice is for organizations to individually encrypt data stored in the public cloud.
An ideal solution for managing the encryption key is to physically remove it from the cloud and securely store the encrypted key within a PIN-authenticated USB module. This module does not store data but acts as a key for encrypting and accessing cloud-stored data. Consequently, it can be used to securely encrypt confidential information stored on local computers, network drives, sent via email, or shared using file-sharing services.
- Authorized Data Access
Utilizing specialized software it’s possible to replicate all critical security parameters between the primary encryption module and as many secondary encryption modules as needed. This replication encompasses randomly generated encryption keys and all PINs. Decryption of shared data is only possible for individuals possessing a copy of the encryption key. This capability facilitates secure and instant collaboration in the cloud among authorized users, regardless of their location.
For businesses, establishing clear procedures that all staff members must follow is essential to ensure compliance with data protection regulations, a need further emphasized with the growing presence of remote workers. As a robust data protection practice, multifactor authentication is highly recommended. In cases where a hacker gains access to a cloud user’s credentials, this breach may go unnoticed by the cloud service provider as it cannot distinguish between a legitimate user and an attacker. In contrast, employing the encryption module elevates security measures to an unprecedented level of five-factor authentication, as the encryption key remains isolated from the cloud, offering enhanced protection against unauthorized access.
- Remote Data Management
Distributing encryption modules to authorized staff is a step toward mitigating the risk of data loss due to human error. However, it does not entirely eradicate this possibility. For instance, an individual might misplace the encryption module or retain it after being dismissed. This is where centralized management becomes crucial.
Individuals responsible for overseeing cloud and data security within the organization should have the capability to supervise file activity, establish geo-fencing and time-based access restrictions, encrypt file names, and remotely disable user access to data. Implementing these measures will significantly reduce security vulnerabilities in the cloud and empower managers with comprehensive oversight and control over sensitive data and user access.
By addressing these five key areas, organizations can navigate the security challenges of the hybrid work era, ensuring data protection and business continuity in a rapidly evolving work landscape.