Security risks from the hybrid holiday

hybrid

Rajesh Ganesan, president of ManageEngine, highlights the top three security risks employers should be aware of as more staff seek a hybrid holiday this summer.

This year, it is expected that many employees will request a hybrid holiday—an emerging trend where longer holidays are booked with the intention of spending time working remotely from a travel destination.

A recent survey by Virgin Media O2 revealed that 76% of workers polled were considering adding remote-work days around their annual leave as part of an existing trip.

“Employers should be aware that, while offering benefits around employee wellbeing, these arrangements also pose greater security risks,” says Rajesh Ganesan, president of ManageEngine and an IT veteran with more than 20 years of experience in the industry. “Workers could be logging onto company servers from hotel lobbies, cafes, beach bars, airport lounges, or private villas across multiple destinations. Operating across this variety of uncontrolled networks increases the attack surface and leaves businesses more vulnerable to cyberthreats.”

Ganesan emphasises the risks that employers will need to consider to ensure that this popular new benefit does not compromise company security. He notes, “There will be more changes in the working model, and this will call for the traditional and legacy models of security to change, too. These changes stretch beyond just protecting corporate boundaries and individual cloud services. They also become imperative for our thinking to change holistically to a new model comprised of three security aspects: identity security, device security, and infrastructure security.”

Identity security

While on a vacation, devices are often shared with family, friends, and even strangers. This could be to check emails, make payments, watch videos, or upload the latest holiday updates on social media.

However, that same device that’s being used to carry out these personal tasks might also hold confidential company data. With device services functioning on data exchange, a person’s digital identity, such as credentials, passcodes, and accounts could very easily be compromised—and without them knowing.

Implementing a continuous Zero Trust model could help keep things in check, as it requires all users to be authenticated and validated for security configurations before they are granted access to corporate applications and data.

Device security

It’s difficult to navigate in a foreign destination without the help of your smart phone, tablet, or other mobile device. When employees head off on vacation in a new destination, they often download new applications on the same personal devices they use for work purposes. This could be to book tickets for travel and activities, to hail a cab, or to pay for a meal.

Laptops, phones, tablets, and other endpoints are often exposed to unknown data channels while the device is actively logged on to a corporate network. And it’s not just devices that pose a risk. Applications being temporarily installed on a phone can have disastrous results; it could instigate a phishing attack or result in malware or spyware making its way onto the device—all it takes is one dodgy public Wi-Fi connection for a hacker to compromise a device.

These endpoints are easy vectors for carrying out attacks on the corporate network once compromised, which highlights the need for organisations to implement unified endpoint management to remain secure.

To read more exclusive features and latest news please see our latest issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com

Subscribe to our newsletter

Don't miss new updates on your email