How To Keep Your Business Secure In A Hybrid Workforce
Adapting to the demands of our new hybrid workforce introduces different ways of working. Some of your knowledge workers may have already worked from home on occasion but now you’ve got several categories of hybrid workers to keep in mind.
These include (but are not limited to):
- Home-working knowledge worker
- Mobile knowledge worker
- Knowledge workers who use both home and office
- Contact centre agents at home
- Limited in-office contact centre staff
- Sales and support teams visiting customers
- Behind the scenes staff like warehousing (first-line workers)
Keeping each of these types of worker online and secure is a unique challenge you were unlikely to have been prepared for before the pandemic. And finding yourself in this position doesn’t make you any more prepared.
In this post, we walk through five key technologies to keep your new hybrid workforce secure.
If your legacy cyber security setup is based on-site then you’ll need a solution to expand your security to workers on the road and at home.
It is not enough for home workers to be expected to connect to a secure VPN and abide by every security protocol as they would in an office. Sometimes it will create an experience counterproductive to getting the job done. Other times it might be completely impossible.
With cyber security-as-a-service, you can select the cyber security elements you need on a user-by-user basis. There’s no need to subscribe everyone to a new online security solution if some users will always be office-based. Likewise, you may be able to free up some of your on-premises security licenses if some employees have chosen to be remote-only.
Cyber security-as-a-service is all about control of who needs what. Like all as-a-service options, you can choose what you need and consume that as a tailored service.
With role-based access control in play too, you can assign different roles and access levels per team, level, or need. This makes it more efficient when assigning who can access what when outside of your office.
Security Incident Response Team (SIRT)
When unplanned security incidents occur, who is left fighting the fire?
Maybe you have an escalation process where your NOC needs to escalate to get permissions or controls they don’t usually have?
Perhaps you depend on the on-call engineer who would rather get a night’s sleep for once?
Unless you’re a genuinely 24/7 support team, you could be using a security incident response team (SIRT).
Instead of spraying the firehose at an incident or attack that has not yet been investigated, a SIRT is always on hand and can react instantly and appropriately to any potential threats.
“There are only two types of companies: those that have been hacked and those that will be.”
- Robert Mueller, Ex-Director of the FBI.
Nasstar was recently recognised as Best Managed Security Service at SC Awards Europe. As well as offering a full cyber security-as-a-service solution, Nasstar’s SIRT is available to all customers in the event of a suspected breach.
Craig Stirling, Head of Security at Nasstar, commented:
“It is our passion and motivation to help to protect anyone affected by security breaches so we make our team available 24/7 to provide free of charge confidential advice. This includes both existing Nasstar customers and new customers who are concerned that they may be victims of a cyber breach.”
PCI compliant payment solutions
Since December 2004, it has been compulsory for businesses taking payments to adhere to PCI compliance standards.
“Any entity that stores, processes, and/or transmits cardholder data is subject to PCI compliance.”
While it’s been high on the agenda for IT Managers to put in place and maintain PCI compliance in office environments, ensuring PCI for first-time home workers is a new challenge.
With agents often using their mobile phones or personal laptops, ensuring PCI compliance becomes tricky. The risk of not being compliant versus ensuring the security and integrity of cardholder details is heavily swayed in one direction.
According to PCI Compliance Guide, if you are found to be in breach of PCI DSS, you could be fined £4,000 to £80,000 per month by payment providers.
The PCI compliance requirements for companies working remotely either full-time or part-time are identical.
If you were forced into sending your agents to work from home during the coronavirus pandemic, this may leave you at risk of failing to adhere to PCI DSS requirements as you may not be able to protect cardholder data at rest or in transit.
This includes businesses of all sizes in line with the PCI DSS levels outlined in the section above.
The PCI compliance for remote workers is therefore exactly the same as it is for any other business. And with checklists, solutions, and equipment to help out here, there is no leniency from governing bodies.
If you’ve had to move your contact centre to home workers, check out our PCI Compliance Checklist For Remote Workers.
Communication becomes collaboration
In an office environment, physical handsets and in-person meetings may have been enough to keep everyone connected.
Now that your teams are between home and office on alternating days, you may be facing demand for more collaborative technologies.
Online tools like digital whiteboards, meeting software, and messaging apps have become commonplace as an alternative to in-person collaboration so there is more strain on your digital tools.
As such, there’s a high chance you’re one of the 145 million daily active users of Microsoft Teams. With such monumental growth before, during, and after the pandemic, Teams has become the go-to collaboration solution.
But, what happens to your existing communications infrastructure?
When Nasstar acquired Modality Systems in 2019, a key theme was recognising the shift from traditional communications infrastructure to cloud collaboration technology. As Microsoft Teams specialists, and Skype for Business before that, Modality is best-placed to oversee transitions from legacy to modern-day collaboration.
“Empowering our users to make the most of our Microsoft Teams investment was key to our rollout strategy. Our users were really inspired by the training, as it was specific to our work. Everywhere I go I can see a user with a headset having a Teams meeting and it’s great. Being able to collaborate efficiently lets us focus on our mission to help more businesses to thrive.”
- Rob Hill, ICT Cloud Manager, Development Bank of Wales.
It’s a rare occasion when businesses migrate to Teams in one sweep so an iterative approach is most often beneficial.
Keeping your network secure even when people aren’t in the office
It’s one thing enabling access and applications outside of the office. But it’s another to ensure total security whenever they are used.
Every business will have different requirements so there’s no set template for keeping a hybrid workforce secure.
Think about technologies like VPNs and firewalls. These are hybrid security 101.
But also think about what happens when users are visiting customers and they might not have the same internet access as they do at home. Sometimes cloud apps are a better solution than a VPN tunnel back to the office.
And what happens when remote workers are reliant on weaker internet or mobile data connections?
It feels like there are more questions than answers when it comes to hybrid working security.
Moving to a hybrid workforce is hard enough before you consider the new and potential security threats.
While there’s no denying changes need to be made, there are technologies readily available to support you.
Whether you’re moving to fully remote, moving everyone back to your office, or operating as a hybrid workforce, Nasstar provides a full suite of security solutions that can be tailored based on your operational model.