Our world has changed; hybrid work is here to stay. According to Statistics Canada, at the end of last summer 28 per cent of all Canadian workers and 47 per cent of professional services workers were hybrid. Many people have embraced the flexibility and work-life balance benefits that come with hybrid work.
Hybrid, however, comes with inherent risks. Protecting the organization is now more complex, as workplace boundaries have blurred. Employees now ferry their PCs back and forth from the office to home, and sometimes to third places like cafes or shared workspaces. Teams must focus on securing endpoints such as PCs and printers – the ‘ground zero’ of most attacks. We need new cybersecurity strategies to prevent, detect and contain cyberthreats, while mitigating the risks connected with the lost or stolen devices.
The fact is, more than three years after the large-scale shift to hybrid, we are still not moving in the right direction. According to new global research and a hybrid security report from HP Wolf Security, 61 per cent of security leaders say protecting their hybrid workers will become harder in the year ahead. Furthermore, 82 per cent of them recognize gaps in their organization’s security posture. Endpoints – whether a laptop, tablet, printer or smartphone – are a favoured point of entry for attackers. In fact, 84 per cent say the endpoint is the source of most security threats and the site of most business-damaging cyber-threats.
Endpoints pose a security risk because they are the intersection between human users and technologies. Hybrid work exacerbates the problem because devices frequently don’t receive the protection provided by the enterprise perimeter.
You can add to that the risk of employees being in a more relaxed environment with no colleagues to consult, making it more likely they will click on a risky link or open an attachment containing malware. Sixty-six per cent of IT and security leaders said that the greatest cybersecurity weakness in their organization is the potential for hybrid employees to be compromised. Phishing, ransomware, and attacks via unsecured home networks are the top risks. Seventy per cent of security leaders say that hybrid work increases the risk of lost or stolen devices. With workers on the move more than ever, this risk is higher.
The good news: organizations appear to be focusing their investments on securing hybrid work, but it is critical that budgets are targeted at the right tools, with a focus on making the endpoint the core of hybrid security strategy with secure by design hardware.
What can IT managers do? The first step is to find innovative ways to connect with remote computers over cellular networks, allowing devices to be managed even when turned off or offline. This can be used to connect with lost or stolen devices and then lock and wipe them, before information is stolen. This not only reduces the risk of data leaks and breaches, it can lower IT costs by reducing the need for replacing PCs.
A more resilient and secure connection to remote computers also reduces the time and effort needed to resolve support tickets. HP has developed this type of IT management connectivity solution — our new HP Wolf Connect service now enables IT to manage many models of HP commercial devices, even when they’re powered down or offline.
Our reimagining of the workplace must take into account the nuanced security risks and challenges that characterize a flexible work environment. We must move away from old perimeter-focused thinking. The endpoint must now be the focus for applying protection in the hybrid era. Adopting hardware-enforced security features and protection above, in, and below the OS – such as application isolation – is key for protecting users without impinging on the freedoms that hybrid work allows.