Mitri Roufka
Mitri Roufka (Program Director, Imaging Devices & Document Solutions)

As more organisations embrace hybrid working, the security challenges of a decentralised workplace are becoming increasingly clear. Implementing a robust IT security strategy and using the right products and measurable KPIs will boost security capabilities and minimise risks, bringing huge value to your organisation. Secure by design is the way forward.

The best practices for secure file synch and sharing in hybrid working environments include:

  • Evaluating risks in a hybrid working environment 
  • Enabling secure file synch and share from anywhere (zero trust)
  • Unifying your security through a simple, integrated platform (single pane of glass)
  • Educating your workforce to embrace secure work practices

Evaluate Risks in a Hybrid Working Environment

This is key to making sure the data and information sitting in the files that employees are synchronising and sharing are secured and safe. To evaluate the risks, organisations need to look at four main aspects:

  • Physical: Employees use PCs and probably personal devices such as mobile phones and tablets that may have access to the organisation’s systems. Organisations need to evaluate how these devices are secured in case of theft. For example, when employees are working outside the organisation, unauthorised people shouldn’t be able to access the organisation’s system, sensitive files and information.
  • Technical: Digital files can be stored on the organisation’s servers, in the cloud and on employee devices. Organisations need to deploy solutions that ensure secure access, synchronisation and transmission of files and data. Organisations need to take a holistic view when analysing their whole IT infrastructure and environment to make sure it has no security gaps. Organisations report that around 4 in 10 internet break-ins occur despite a firewall being in place. So, relying solely on encryption and firewalls is not enough if all elements — such as access control and authorisation — are not secured. While some companies enable employees to use personal devices to access internal resources, these devices create significant security risks because there’s no formal process to verify that they are updated and maintained. The solution is continuous, 24 x 7 monitoring of these devices to identify malicious behaviour and respond instantly to mitigate the damage. 
  • IT support: Cybercrime has boomed since the pandemic. Organisations need to evaluate the breadth and quality of their IT support and their IT personnel capability and availability to react to security threats, especially for employees working outside the organisation firewall. Hybrid-working employees are more vulnerable to security risks, and time is usually critical with these security threats.
  • Business procedures and access to files/data: The main purpose here is to identify vulnerabilities and gaps in the workflow where potential risks are higher. To do this, the focus needs to be on how work gets done and by whom rather than on where work gets done. This must go hand in hand with finding ways to ensure data, applications and resources security without affecting the workforce’s efficiency and productivity. This also means it’s critical to assess what type of data/files employees have access to, what devices and applications they use, and what vulnerabilities exist in their environment so that organisations can implement the right controls to react in time. For instance, if employees are accessing protected data stored in the cloud for collaboration purposes, then using multifactor authentication to authenticate user access, VPNs to encrypt traffic and downloading security patches are highly recommended to tighten security.

Enable Secure File Synch and Share from Anywhere (Zero Trust)

An increasing number of organisations are digitising their workflow processes and using the cloud to facilitate and support hybrid working so that employees can work from the office, home or remotely. File and data access, synchronisation, sharing, storing and transmitting are key functionalities that hybrid workers need for their job, which means the number and size of such files and data in electronic format are rapidly increasing. To ensure the highest security measures in such environments, organisations need to implement zero-trust policies — the best way to address the challenges associated with digitisation, the cloud and hybrid working.

Also, implementing the principle of least privilege and ensuring that employees only have access to the data they need to complete their day-to-day jobs is critical to ensure that data doesn’t fall into the wrong hands.

Zero trust assumes that everyone is not trustworthy at the beginning of any action. This means the system performs proactive and automatic authentication to check authorisation before granting access to any application, process or database. In addition, the authorisation status is continuously validated while applications and data are in use. So, the main aim of zero trust is to implement strong identity verification and device compliance validation. It also helps organisations to comply with both internal and external regulations, simplifies the auditing process and enables much easier compliance.

Organisations need to accept that cyberattacks can be successful, and prepare schemes and solutions for effective recovery. Siloed data and processes are the major obstacle to zero trust, so organisations need to make sure everything is under the umbrella of one solution.

Unify Your Security Through a Simple, Integrated Platform (Single Pane of Glass)

It has never been more important to unify the security of organisations’ network environment, IT devices and workers:

  • Cybercrime is on the rise. Since the pandemic, organisations have made greater use of the internet and this has led to a significant increase in cyberattacks, which are now more sophisticated and pose a bigger threat year on year.
  • Organisations are increasingly using information technology and the Internet of Things.
  • Organisations are increasingly challenged by an over-abundance of IT products.
  • Security is becoming embedded everywhere.
  • Managing IT security in hybrid-working operating environments is becoming much more complex and challenging.
  • There is a growing lack of visibility in organisations’ end points.
  • IT and security need to work together to ensure employee productivity and efficiency.

Unification should aim to have end-to-end visibility of the whole IT environment. With a unified cybersecurity platform, organisations can protect data and resources across public, private, hybrid and multicloud environments with end-to-end visibility.

One of the major benefits of unification is that it provides everything that security personnel need in a single interface to help them effectively and efficiently protect employees, systems and assets. Another key benefit is related to cost efficiency because a unified security platform is less expensive to acquire and maintain than individually integrated and proprietary solutions. Organisations with unified security solutions can do more with the current IT staff, which is essential with many organisations facing a shortage of skilled IT workers.

With a unified security environment, organisations will benefit from a more secure environment (across public, private, hybrid and multicloud environments with end-to-end visibility) where all security needs are integrated and aligned by design into all aspects of the organisation’s IT infrastructure, business processes and security strategy.

Educate Your Workforce to Embrace Secure Work Practices

One of the biggest challenges that comes with remote working is ensuring that employees are security conscious when working outside the office — for example, whether they’re downloading all security patches, maintaining devices with antivirus/antimalware solutions and selecting strong passwords.

Security tools alone can’t fully protect the organisation if human behaviour is not also addressed. This means that if employees are not adequately trained on and implementing basic security practices at home, then there will inevitably be a much higher security risk.

Employee security awareness and education is probably the most overlooked and underestimated aspect, despite it being so critical. Reports show that about 8 in 10 cases of file/data loss are caused by employees inside the organisation.

It’s essential that organisations:

  • Educate and train the workforce to embrace secure work practices and make sure employees are aware of the threats of file and data loss
  • Deploy and enforce security policies and make employees accountable for any non-responsible behaviour and actions

 

Further reading:

Secure by Design: File Sync and Share for Hybrid Workplaces

Future of Work: Strategies for the Flexible Work Experience

How Dropbox Makes Asynchronous Work

Why a “Back to the Office” Strategy Will Fail (And Work Will Shift to a “Digital HQ”)

IDC FutureScape Webcast: Worldwide Future of Work 2023 Predictions

Work Automation and Digital Skills — A European Future of Work Perspective

Spread the love
Digital Transformation FoW future of work hybrid work Security