Publish date: 10.03.23

The rise of the office happened over the course of a century. This slow pace allowed companies to adjust, to put security measures in place, to gradually change their culture. However, the global pandemic ripped up the rules.

In every country around the world, there was an unprecedented shift to remote working. While most organizations had security policies for the office and remote work, they weren’t ready for the increased scale. But cyber attackers were: In the early months of the COVID-19 Pandemic, phishing email attacks increased by more than 600%.1

Now we face a new challenge of hybrid working. This combination of people working at the office and at home, and everywhere in between, is the new normal. Once again, we must ask ourselves if our security infrastructure is able to cope. Arguably the biggest risk to your organisation’s security comes from your endpoints, which have moved out from behind the security of a firewall and into homes and cafes around the world. These endpoints include PCs, laptops, smartphones, virtual environments, servers, and—perhaps surprising to many—printers.
This proliferation in devices has proven too big a temptation for hackers to ignore. And more endpoints mean greater vulnerability.

Remote employees now need to be fully aware of the ways cybercriminals can penetrate and attack their at- home systems, including malware, denial of service (DoS), phishing, and password attacks for you to stay ahead of the latest threats. Because it’s going to be an ongoing battle: The attackers know our vulnerabilities, and that includes human behaviour. If there’s one statistic that should guide our actions, it is that human error causes 90% of data breaches.2

To bolster your cyber defences, you must assume the worst which means making sure that your at-home devices are protected with the same level of security as your business systems at the office. To do this, you need a powerful combination of hardware, software, and services to help detect, protect, and recover from attacks.

With this in mind, let’s explore how we can help you to secure your hybrid workforce

1. Adopt devices that come with enterprise-grade security built in as standard

The old adage goes that a chain is only as strong as its weakest link. This applies to your security too. If your employees are using consumer-grade equipment, then chances are they’re only getting consumer-grade security, the implications of which could extremely serious from a legal and compliance point of view leaving you open to potential fines and reputation damage.
For example, it could mean a sensitive business document with confidential information left sitting on a home printer because there’s no PIN protection. Or it could mean malware downloaded by someone distractedly clicking on an email while multitasking. Or someone catching a glimpse of a colleague’s laptop screen at the airport or café and seeing sensitive information.

To get an understanding of the scope of security risks, consider how quickly the definition of a printer has changed from “a hardcopy device that just prints documents” to “a multi-function networked device” that effectively serves as a document server with direct access to the wider company network. It has an operating system, cloud and local storage capability, and mobile access.

Today’s ever-growing number of security risks requires a smarter approach to securing devices, documents, and data—at an enterprise level. HP Managed devices are simply more effective at managing a larger collection of endpoints. It enables you to manage remotely, from a central hub, and configure protection as needed to relevant devices.

2. Audit your number and types of endpoints to establish the level of threat

Do you know how many devices have access to your data? Have you thought about what it means to have all printers connected to the network? When you consider the hidden risks of working from anywhere, including voice-controlled digital assistants, watches, network-connected sensors in your car, and an untold number of other devices, it’s rather eye-opening. Identifying your endpoints—made more complicated by remote work and bring-your-own- device policies—is a critical step toward secure hybrid working. Making sure those endpoints are secure is your best defence against the growing number of threats facing your business. Landscape can provide assessment tools that can help you to identify all of your endpoints, regardless of where they reside. Request an assessment today.

3. Secure all of your different types of endpoints

Hybrid workers want to stay productive and work from anywhere, and that means that they need the ability to print sensitive documents at home with the confidence that they’re doing so in a secure and compliant way. They also need the same level of security whilst working in public places. Policies and guidance will only get you so far. To properly maximise your security, make sure you’re using the world’s most secure PCs4 and printers5 from HP with hardware-enforced security features. These feature layers of protection below, in, and above the OS to proactively prevent threats and to quickly recover in the event of a breach. Back in the office, HP Managed printers can detect and self-heal from malware. Plus, because they have the industry’s only upgradable firmware, new security features can be added over time.

4. Look beyond your four walls (and that includes your firewall)

A business’s fortress used to be its four physical walls and one powerful firewall to protect the network. With the advent of hybrid working, this no longer applies. Businesses are now in the position that they need to rapidly build new, digital defences that protect their workers wherever they are in light of the ever-evolving threat landscape.

This could mean shifting to a digital workflow with secure scanning of printed documents, and assignment of security levels determined by machine learning. It could mean safe storage in a secure public cloud—most likely, multi-cloud storage to ensure business continuity and data recovery. Or again it could mean strengthening the security of your remote endpoints and deploying new hardware built with the hybrid worker in mind.

This means that you need to consider embracing adaptive, context-based multi-factor authentication to ensure home offices are protected at the granular level.

5. “Never trust, always verify” – adopt a zero-trust policy

The final step in our guide focuses on the importance of embracing a zero-trust policy.
In today’s work environment, threats exist everywhere, both inside and outside network boundaries. So as security professionals say: “ Never trust, always verify.” With a zero-trust policy, you control every aspect of user access. Zero trust means operating as if a data breach is inevitable—or has already occurred. Strict verification is always required, and least-privileged access is applied for every access decision. If a user attempts to access resources with legitimate credentials but with an unauthorised device, their request is automatically denied. If any hint of a threat is detected, access to applications is severed. For a zero-trust strategy to work, all users and devices must be authenticated. Once authenticated, trust is extended but only for a specific application, thus minimizing exposure to sensitive parts of the network.

Summary

It’s clear that in 2023, organisations must take immediate action to deal with the security risk inherent in a workforce shifting not just to remote working but also to working anywhere.

And this is where we can help: in partnership with HP, Landscape can provide you with the world’s most secure PCs4 and printers,5 but also a multi-layered, defence-in- depth security strategy to help you detect, protect, and recover from attacks. Keep one step ahead of threats to your network and digital workflows, reduce risks, and stay in compliance.

Get in touch today for a free assessment and discover how you can mitigate the cyber threats facing your hybrid workforce.

SOURCES

1) COVID19 Drives Phishing Emails Up 667% in Under a Month, https://www.infosecurity-magazine.com/news/covid19-drive-phishing-emails-667/, March 2020
2) 90 percent of data breaches are caused by human error, https://www.techradar.com/news/90-percent-of-data-breaches-are-caused-by-human-error, May 2019
3) Remote work changing landscape: IT Leader View, HP, May 2020
4) Based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows and 8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors and higher; HP ProDesk 600 G6 with Intel® 10th Gen and higher processors; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th Gen processors and higher.
5) HP’s most advanced embedded security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or above.
Claim based on HP review of 2021 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit: hp.com/go/PrintersThatProtect. For more information, visit: hp.com/go/PrinterSecurityClaims.