ManageEngine on security risks from the ‘hybrid holiday’

By Rajesh Ganesan, president of ManageEngine
Rajesh Ganesan, president of ManageEngine, highlights the top three security risks employers should be aware of as more staff seek a hybrid holiday

This year, it is expected that many employees will request a hybrid holiday – an emerging trend where longer holidays are booked with the intention of spending time working remotely from a travel destination.

In fact, a recent survey by Virgin Media O2 revealed that 76% of workers polled were considering adding remote-work days around their annual leave as part of an existing trip.

“Employers should be aware that, while offering benefits around employee wellbeing, these arrangements also pose greater security risks,” says Rajesh Ganesan, president of ManageEngine and an IT veteran with more than 20 years of experience in the industry. 

“Workers could be logging onto company servers from hotel lobbies, cafes, beach bars, airport lounges, or private villas across multiple destinations. Operating across this variety of uncontrolled networks increases the attack surface and leaves businesses more vulnerable to cyberthreats.”

Ganesan emphasises the risks that employers will need to consider to ensure that this popular new benefit does not compromise company security. He notes, "There will be more changes in the working model, and this will call for the traditional and legacy models of security to change, too. These changes stretch beyond just protecting corporate boundaries and individual cloud services. They also become imperative for our thinking to change holistically to a new model comprised of three security aspects: identity security, device security, and infrastructure security."

Three security risks bosses should consider as hybrid workers plan holidays

1. Identity security

While on a vacation, devices are often shared with family, friends, and even strangers. This could be to check emails, make payments, watch videos, or upload the latest holiday updates on social media.

However, that same device that's being used to carry out these personal tasks might also hold confidential company data. With device services functioning on data exchange, a person’s digital identity, such as credentials, passcodes, and accounts could very easily be compromised—and without them knowing.

Implementing a continuous Zero Trust model could help keep things in check, as it requires all users to be authenticated and validated for security configurations before they are granted access to corporate applications and data.   

2. Device security

It’s difficult to navigate in a foreign destination without the help of your smartphone, tablet, or other mobile device. When employees head off on vacation in a new destination, they often download new applications on the same personal devices they use for work purposes. This could be to book tickets for travel and activities, to hail a cab, or to pay for a meal.

Laptops, phones, tablets, and other endpoints are often exposed to unknown data channels while the device is actively logged on to a corporate network. And it's not just devices that pose a risk. Applications being temporarily installed on a phone can have disastrous results; it could instigate a phishing attack or result in malware or spyware making its way onto the device—all it takes is one dodgy public Wi-Fi connection for a hacker to compromise a device.

These endpoints are easy vectors for carrying out attacks on the corporate network once compromised, which highlights the need for organisations to implement unified endpoint management to remain secure.

3. Infrastructure security

This encompasses all elements of the network and its devices, both on-premises and in the cloud. With devices used in different regions and across all types of network connections, an organisation's infrastructure is left open to vulnerabilities.

Monitoring all events occurring across a network and identifying patterns and anomalies proactively is the best security strategy. The organisation's IT security team should be advised of anyone working outside a secure office network, so it can be prepared to take action as and when secure access is compromised.

Ganesan advises that “focusing on and investing in identity, device, and infrastructure security gives organisations the confidence to run complex corporate networks and enable employees to enjoy the freedom of working from any place with an internet connection.”

About IT management software company ManageEngine

ManageEngine, celebrating 20 years in the industry, crafts comprehensive IT management software. It provides more than 120 award-winning products and free tools to cover all IT needs. More than 280,000 organisations across 190 countries trust ManageEngine.

Share

Featured Articles

Create C-suite space for the Chief Transformation Officer

Responsible for driving growth and change, the Chief Transformation Officer is the latest addition to the C-suite as business undergoes major change

12 AI predictions for the enterprise in 2023 – Dataiku

With 2023 likely to be a huge year for AI, experts from AI platform provider Dataiku deliver their enterprise AI and ML trends for the year ahead

Welcome to the new breed of private members' clubs

The pandemic has given birth to a new breed of private members’ clubs where work and play merge, membership and spaces are curated, and community matters

Welcome to the New Age of the CISO

Leadership & Strategy

Making the UAE the world’s strongest digital fortress

Technology

World Mental Health Day – 10 apps to improve wellbeing

Leadership & Strategy