The modern workplace is hybrid. Employees work in the office, at home, at privately rented desks or in cafés. They use a mixture of corporate-issued and personal devices, switching from Word documents on their laptops to diaries on their cell phones.
And there’s good reason for this! A hybrid working model promises a wealth of benefits: increased productivity, reduced costs, and improved work-life balance for your employees. But it can also present IT and security teams with huge challenges. The two most immediate of these are productivity and provisioning, and security.
Without being given the tools to work effectively from outside the office, employees can’t do their jobs to the best of their ability. This makes company productivity fall and puts strain the IT helpdesk by creating lots of tickets for them to address. But the productivity you harness by having the right collaboration tools could still be jeopardized at the hands of a cybercriminal, if you don’t have the right security architecture in place.
In this guide, we’re going to talk through some of the main tools and methods that you can use to support and secure your hybrid workforce, from boosting communication and collaboration to protecting your workers against sophisticated cyberthreats.
Let’s get started.
Communication And Collaboration Tools
A hybrid work model allows employees to work from outside the geographical confines of the office. One of the most immediate challenges that this presents is communication. Without being able to talk to each other in person, be that in a formal meeting environment or over a quick coffee, it can be difficult for employees to collaborate. This can have a huge negative impact on productivity.
But today’s digital-native workplace has a solution for that, with a variety of cloud-based tools available to help employees talk to one another and work together effectively, whether they’re in different rooms, different buildings, or on different continents.
There are two main catalysts for productivity we’d like to discuss here: cloud-hosted email clients, and communication apps.
Email is the one of the most popular communication platforms used in the modern workplace, providing users with an easy way to share files and keep on track of meetings, as well as messaging one another.
Cloud email is an internet-delivered email service provided by a vendor on a subscription basis, with plans usually based on email volume. The email service provider hosts the application using their own cloud technology, so that your organization doesn’t have to develop or install any software on-prem, and email delivery is managed by your service provider, rather than a third-party tool that you manage yourself.
Cloud-hosted email solutions are easier to deploy than on-prem solutions, with less upfront costs and clear performance metrics. With more flexibility and scalability than an on-prem solution, a cloud email client is an absolute necessity in enabling the productivity of your hybrid workforce.
The two most popular cloud-hosted email clients for business are Microsoft Outlook and Gmail, which are available as part of the wider Microsoft 365 and Google Workspace productivity suites. Which bring us onto our next point…
Cloud Productivity Suites
While email makes it possible to share files directly with other users, there are often restrictions on the size of file that can be sent, and users can’t collaborate on files in real-time. Without the ability to do this, employees can find themselves working with outdated data, which wastes their time and resources. That’s where a cloud productivity suite comes in.
Cloud productivity suites are bundles of software applications that enable users to work together continuously and in real-time from any location. They often include an email client, word processing software, spreadsheets, presentation tools, and a shared file drive, and some also offer instant messaging or videocall tools.
The likelihood is that your business is already using cloud-based collaboration software, as many software vendors—including Microsoft and Google—have migrated their most popular products to the cloud already. But subscribing to a stack of collaboration tools that are bundled into a neat suite will ensure your employees have all the tools they need to be able to work efficiently
Email is great. But sometimes we need to communicate in a slightly less formal manner, or send a message that needs a more instant response.
Instant messaging apps enable employees to communicate quickly with one another, so that they can respond easily to small queries without having to worry about the formality of drafting an email. But this lack of formality also makes them a great way for employees to get to know one other, even when they’re based in different locations.
Team building can be a big challenge for hybrid or remote teams that may not get the chance to meet in person very often, particularly if they’re based in different countries. By allowing your teams to shoot one another a quick message, you can encourage more effective communication and promote teamwork.
Think of email as the alternative to a scheduled meeting, while your instant messaging app is the digital version of a water cooler chat.
But we’re not quite finished yet—there’s a third type of communication app that your business should invest in to support your hybrid workforce: video conferencing. Video conferencing tools are extremely important for hybrid and remote teams, as they boost productivity and reduce travel expenses associated with in-person meetings by enabling employees to “hop on a call” and facilitate meetings from any location. In addition to this, they can help reduce the feeling of isolation often associated with remote work, and remove communication barriers by allowing employees to pick up on one another’s non-verbal expressions.
Microsoft Teams and Zoom are currently the most popular communication apps in terms of market share, followed by Cisco Webex, LogMeIn, Cvent and Slack.
For more information on how you can use some of the most popular instant messaging and video conferencing apps to support your hybrid workforce, and to ensure that you’re using them effectively and securely, take a look at our following guides:
While productivity is incredibly important, it’s not the only thing that you need to consider when implementing a “work from anywhere” office model. You could have an incredibly productive hybrid team generating very valuable work, but all of that work could be jeopardized if the team isn’t given the proper security needed to work outside the office—and network— perimeter.
Traditionally, the network perimeter—the boundary between an organization’s intranet and the external internet—was defined by security tools such as:
- Border routers, which monitor inbound and outbound network traffic
- Firewalls, which allow or block network traffic based on security policies
- Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), which respectively detect malicious activity in network traffic and alert IT teams to that activity, or monitor the network for risks and vulnerabilities that could develop into threats
These tools operate on the basis that everything within the network is secure, and everything outside it is not. But in today’s hybrid work environment—with remote workers, third-party vendors, mobile endpoints, cloud-hosted software and geographically distributed offices—that boundary has become blurred.
So, organizations adopting a hybrid way of working need to find new ways to protect their workers—and their corporate data—against cyberattacks.
That can be easier said than done, but fear not—we’re here to help! Without further ado, here are our recommendations on the top security tools your business should be using to protect your hybrid workers:
Less than half of organizations prohibit their employees from using public Wi-Fi networks to perform work-related tasks, and 72% of all employees use public Wi-Fi to work—including 55% of those whose companies tell them they shouldn’t!
And unsecure internet connections—such as public Wi-Fi—are a huge risk when it comes to remote or hybrid work because they’re easy for cybercriminals to tap into, which allows them to install malware on a user’s device or carry out a man-in-the-middle (MitM) attack. A MitM attack involves a threat actor intercepting the communications between two entities—the user and the application, system or server they’re connected to. The attacker can then eavesdrop on the user’s activity, or secretly modify the data being sent while impersonating the entity that the user is communicating with. An example of this is phishing pages; the attacker directs the user to a fake company website and manipulates them into entering their login credentials, which the attacker can them use themselves to access the user’s account with the genuine service they were impersonating.
One of the most effective ways to prevent these attacks is implementing an enterprise virtual private network, or “VPN”. A VPN creates a private network across a public internet connection, encrypting the connection and hiding the user’s IP address. Essentially, VPNs act like a tunnel between the user’s device and the internet; no-one can see what’s happening inside that tunnel except the user and the entity that they’re communicating with at the other end. This secures the user’s online activity and ensures that, if a hacker does tap into their internet connection, they’ll just find themselves facing an unreadable muddle of encrypted data.
As employees are increasingly working from outside the workplace, identity has become the new perimeter; identity is fundamentally what grants users access to corporate systems, applications, and data.
And when impersonated by a cybercriminal, that same identity grants the same access.
There are plenty of ways in which a threat actor can get hold of a user’s identity, which usually comes in the form of a login credential. The most common of these are brute force attacks, in which the attacker uses a computer to crack the user’s password, and phishing attacks, in which the attacker manipulates the user into simply sending them their login credentials.
Unfortunately, these attacks are not only common but also successful; 61% of all breaches involve the use of lost or stolen credentials.
The best way to protect your organization against identity- and credential-related breaches is by implementing a multi-factor authentication (MFA) solution. MFA improves account security by requiring users to verify their identities in two or more ways before they’re granted access to a network, system or application. They can do this using something they know (e.g., a password or PIN), something they have (e.g., a smart card) or something they are (e.g., their biometric information, such as a fingerprint scan or measurement of the way they move or type).
With MFA in place, a bad actor can’t access a user’s account even if they manage to crack their password—after all, it’s much more difficult to steal a fingerprint or impersonate a user’s typing pattern than it is to look up their pet’s name or their date of birth.
And on that note, some methods of authentication are stronger than others. To learn more about this, we recommend reading our guide to phishable vs. non-phishable MFA before you decide which method to enforce across your organization.
While many organizations find themselves on a road to passwordless authentication, passwords are still the primary method of authentication used by businesses and consumers alike. We’re familiar with them, they’re easy to use—and unfortunately, when used incorrectly, they’re also easy to crack.
Many users are guilty of creating weak passwords, storing them insecurely (did you just look at the post-it note stuck to the side of your screen?), sharing them insecurely, and re-using them across multiple accounts. In fact, 8 out of 10 people find password management difficult—and when it’s predicted that the average user will have 300 accounts by the end of this year, who can blame them?
But password management doesn’t have to be such a chore.
Business password managers do exactly what they say on the tin—they manage an employee’s passwords for them, by storing them in an encrypted vault that the user can access by entering their unique decryption key, or “master password”. Because a user need not remember the individual passwords to each of their accounts, they can create strong, unique passwords for all of them.
Some password managers also offer secure credential sharing functionality and notify users if their passwords have been compromised in a breach, so they know to update them.
Endpoint Management And Security
When implementing a hybrid work model, many organizations also implement a “bring your own device” (BYOD) policy, which allows employees to use their own personal devices for work purposes. A BYOD device fleet can increase productivity and reduce minor helpdesk tickets, because suers are so familiar with the devices. It can also reduce provisioning costs and make it easier for employees to switch between locations. Because of this, 33% of U.S. employees use a personal computer and smartphone to work remotely, and only 17% use a computer and smartphone owned by their company.
But businesses with a large percentage of remote workers and BYOD devices are at most risk of experiencing an endpoint attack, with personal consumer devices being twice as likely to become infected by malware than their corporate counterparts. There are a number of reasons for this: organizations with BYOD policies often fail to invest in cloud-based security tools to protect personal devices against cyberattacks, 73% of employees aren’t given any security awareness training when they switch to remote work to educate them on remote or hybrid security best practices, and personal devices are more likely to be used in unsecure locations. This means they may access the corporate network via unsecured home routers or free public Wi-Fi networks, or while plugged into a malicious public USB port or charging station.
Because of this, it’s critical that you invest in a strong endpoint security solution to protect your users devices against malware and viruses, as well as a unified endpoint management (UEM) tool that enables you to monitor and manage all PCs and mobile devices connected to your network, to help configure usage policies and roll out vulnerability patches.
Cloud Email Security
Although we’re increasingly relying on social media and instant messaging platforms to communicate in the workplace, email continues to be the primary method of communication. Cybercriminals know this and they exploit it—email threats continue to be the most prevalent and widely reported type of attack that we see today. And as the adoption of a hybrid workplace increases, so does the number of email threats businesses are facing, with 81% of organizations around the world having experienced an increase in phishing emails within the last two years.
The best way to protect your hybrid employees against email threats such as email-distributed malware, spam, graymail, and phishing, is by implementing a cloud email security solution.
Cloud email security solutions use machine learning algorithms to identify anomalous activity in each user’s email communications, including inbound, outbound and internal messages. This helps to block sophisticated phishing attacks and malicious content before they ever reach their intended recipient, as well as identify and prevent the spread of account takeover.
Implementing a hybrid work format can improve your employees’ work-life balance, increase productivity, and reduce costs.
But it can also be a massive headache for IT teams if employees aren’t provisioned properly, and can lead to serious security consequences when the proper protections aren’t put in place to secure hybrid workers against cyberattacks.
So, to really unlock the benefits of a hybrid model, remember to promote productivity and stay cyber smart.