The corona pandemic has brought distortions to everyday work. Many studies say that some will remain permanent, for example, mobile working. It is becoming mandatory for companies to offer mobile working methods to stay attractive. New cyber risks accompany this. In Germany, the damage caused by cyber attacks in the home office in 2020 was over 50 billion euros. Many companies need to be better positioned in terms of IT. A modern digital workplace can solve this problem safely, securely, and sustainably.
Home Office: The New World Of Work Brings New Cyber Risks
The corona pandemic was and is associated with many restrictions and burdens. Paradoxically, however, it has provided more flexibility on one point: the establishment of mobile working, whether in the home office or on the go. It has become necessary for many companies to enable mobile working methods for their employees. However, this also results in new cybercrime risks because Many companies need to be set up digitally securely enough.
During the pandemic, employees quickly learned to appreciate mobile work.
In a survey conducted at the beginning of May 2020, more than 80 percent of those surveyed stated they were satisfied working from home. The reasons are varied. Some say the increased ability to concentrate and efficiency, while others are happy that they are spared the stressful commute to work. Studies conclude that these positive experiences are why even more mobile pieces will be carried out in the future.
Around half of all those working from home during the pandemic want this form of work in the long term. For companies, it is becoming more and more standard in recruiting to offer mobile working if you want to remain attractive to applicants.
Problem: new cyber risks, old protection systems
So is working from home an essential success factor in the job market? Yes, but only under the right conditions. One of the problems is the aspect of IT security. Employees, who often use less secure connections at home than in the office, are usually the first point of attack for cybercriminals. For 2020, this meant: 52.5 billion euros in damage from cyber attacks in the home office. The problem is noticeable across the board. 59 percent of the companies that offered their employees mobile work were affected. Companies need to upgrade and arm themselves with secure and user-friendly IT solutions. It must always be ensured that a modern IT security concept must always go hand in hand with good usability. Because even the safest environment then becomes a problem.
Think Safe And Modern Workplaces Holistically
Good IT security always starts with a modern workplace concept adapted to today’s requirements. Modern workplace designs should always be planned and implemented with an associated and adequate security concept. However, the rapid switch to working from home caused by the pandemic has meant that many companies have had to create short-term opportunities to enable working at any time and from any location.
The IT security factor was neglected in many cases. There is an urgent need for action here because outdated IT security concepts that only provide basic protection measures (such as virus scanners and firewalls) are no longer sufficient for a hybrid, modern working environment.
IT Security And Usability In Harmony
However, the increase in IT security precautions does not mean that this restricts the efficiency and usability of users. On the contrary: modern security concepts must go hand in hand with usability. Because the best security measures are those that are not noticed by users as much as possible but take effect when necessary.
It is not enough to apply old security concepts to new cloud technologies. Therefore, a recommended approach is combining different technologies and techniques to meet the security requirements of the hybrid working world. First and foremost is the Zero Trust approach, combined with what is known as Advanced Threat Protection technology. This is a security model based on the principle of not trusting any device, user or service and regulating all user access to company data.
The Zero-Trust Approach
According to the Zero Trust approach, every end device is potentially insecure. The end devices are therefore removed from the company network, direct access to the network is withdrawn, and the devices are made “manageable” in this way. Data and apps can be managed centrally via modern end-device management.
The advantage: a significant increase in security without restricting usability. The user hardly notices anything and moves freely, with a single sign-on, as usual in his applications.
Based on the so-called “least privileged principals”, users are only granted the access rights they require and every system access is checked using a multi-stage process. This includes technologies such as conditional access, device trust and multi-factor authentication. For this purpose, it is contained in the background whether the system identifies parameters that require further authentication to be requested.
This happens, for example, when an unknown device accesses it. Access can also be denied entirely. This policy applies, for example, if a request to the system is not plausible due to a quick change of location. If a device is nevertheless attacked and compromised by cybercriminals, it does not offer any further access to the company network.
Limitations Of The Zero Trust Approach
Even the best model can reach its limits in practice. With the Zero Trust approach, these limits are found in a grown IT landscape and legacy applications, often implementing the concept complex. A standard solution in such cases in many companies is a VPN connection to the corporate network. However, VPN tunnels have historically never been designed for such use as has become necessary over the past two years.
This means that users struggle with stability problems, and scaling is challenging. From an IT security point of view, this technology also harbors a whole range of risks. Because the direct connection to the company network opens the floodgates for attackers to spread unhindered in the systems,
Stay competitive thanks to the right strategy.
The bottom line is: companies must meet the growing demand from employees for flexible models safely and sustainably. To ensure this and remain competitive, the use of cloud technologies in companies will continue to increase. Therefore, it is essential to actively address the security risks that these new working models entail and to adapt IT structures and concepts accordingly.
This applies to companies of all sizes. It is a fallacy that small companies have less to hide. Companies on the open market have to face up to this development if they want to remain competitive.