A hybrid holiday is an emerging trend of longer holidays booked with the intention of spending time working remotely. That can pose cyber risks, an IT man warns. IT security changes may have stretch beyond protecting corporate boundaries and cloud services. They also become imperative for our thinking to change holistically to a new model comprised of three security aspects: identity security, device security, and infrastructure security, says Rajesh Ganesan, president of ManageEngine.
Identity security
While on a vacation, devices are often shared with family, friends, and even strangers. This could be to check emails, make payments, watch videos, or upload the latest holiday updates on social media.
However, that same device that’s being used to carry out these personal tasks might also hold confidential company data. With device services functioning on data exchange, a person’s digital identity, such as credentials, pass-codes, and accounts could very easily be compromised—and without them knowing.
Implementing a continuous Zero Trust model could help keep things in check, as it requires all users to be authenticated and validated for security configurations before they are granted access to corporate applications and data.
Device security
It’s difficult to navigate in a foreign destination without the help of your smart phone, tablet, or other mobile device. When employees head off on vacation in a new destination, they often download new applications on the same personal devices they use for work purposes. This could be to book tickets for travel and activities, to hail a cab, or to pay for a meal.
Laptops, phones, tablets, and other endpoints are often exposed to unknown data channels while the device is actively logged on to a corporate network. And it’s not just devices that pose a risk. Applications being temporarily installed on a phone can have disastrous results; it could instigate a phishing attack or result in malware or spyware making its way onto the device—all it takes is one dodgy public Wi-Fi connection for a hacker to compromise a device.
These endpoints are easy vectors for carrying out attacks on the corporate network once compromised, which highlights the need for organisations to implement unified endpoint management to remain secure.
Infrastructure security
This encompasses all elements of the network and its devices, both on-premises and in the cloud. With devices used in different regions and across all types of network connections, an organisation’s infrastructure is left open to vulnerabilities.
Monitoring all events occurring across a network and identifying patterns and anomalies proactively is the best security strategy. The organisation’s IT security team should be advised of anyone working outside a secure office network, so it can be prepared to take action as and when secure access is compromised.
Ganesan advises that “focusing on and investing in identity, device, and infrastructure security gives organisations the confidence to run complex corporate networks and enable employees to enjoy the freedom of working from any place with an internet connection.”
