DAVE WATERSON, CTO & Founder, SentryBay
The hybrid workplace is becoming the new buzzword as companies look towards the coming months. Enabling employees to work some of the time remotely, and some of the time in the office seems like a sensible approach. But while it minimises Covid risks, the question we should be asking, is whether it might expose organisations to greater risks from cyberattacks.
Securing unmanaged endpoints has been a significant challenge for security teams in the past year as remote employees have been targeted repeatedly by cybercriminals through phishing attacks, ransomware, keylogging attempts, malicious emails and a whole variety of other scams.
The risks were already exacerbated by geographically dispersed employees, but as we come out of lockdown and start to adjust to a hybrid workplace, the devices being used by employees will be moving into and out of the corporate perimeter far more often and without protection they open the gateway for bad actors to walk straight through.
Pressure will be on companies to expand existing BYoD and BYoPC policies, so to ensure this can be done safely, a zero-trust approach must be taken to all endpoint devices. What this means is thinking beyond standard anti-virus software and VPNs – both of which have an important role to play – and deploying dedicated solutions to securely wrap data and applications and neutralise the impact of malware threats.
Real-time endpoint protection should be regarded as an essential, complementary layer to any existing unified remote access cyber security stack. This could include anti-virus, endpoint detection and response, virtual desktops and VPNs. Without armouring the endpoint, a potentially devastating breach will always be possible.
The past year has seen an alarming rise in cyber criminal activity. According to the National Cyber Security Centre nearly half of UK businesses registered a cyber breach or attack, and more flux in the market as companies adopt hybrid working models, will only encourage more malicious activity. Now is the time to eliminate the cyber risk and create a micro-environment in which applications and data can be kept safe, wherever and however your teams are working.