IT security in hybrid working models

The future of work is hybrid. Linked to this paradigm shift are numerous new requirements, be it the role of the office or the nature of collaboration. IT departments also face new challenges as a result of the transformation to a hybrid working model. IT and data security will have to be rethought in the future.

What are the information security risks of hybrid working?

For IT security, the shift to mobile work means providing a secure working environment outside the corporate office as well. Both technical and human vulnerabilities need to be taken into account.

Unsecured environments

Remote workers access company data from a wide variety of locations. They regularly switch between well-protected company networks and less well-secured, partly unencrypted home networks or public hotspots. For attackers, such unsecured WLAN networks are usually an easy target to gain access to sensitive data. At the same time, this access makes it impossible for IT departments to identify suspicious activities based on IP addresses and to ward off unauthorised access.

Not protected terminals

In the home office, access is no longer only via the work computer. Instead, employees often use private devices, for example to check chat messages or emails on their smartphone or tablet. However, private devices are usually not under the control of the company. Therefore, there is often no sufficient password protection and regular updates. Other devices logged into the same network also pose a potential threat.

The regular change also increases the risk of devices being stolen or lost. If the mobile devices are not sufficiently secured, it is easy for unauthorised persons to gain access to sensitive data.

Carelessness of the employees

Last but not least, it has already been shown during the pandemic that remote workers are more vulnerable to cyber attacks. More frequent distractions, but also the lack of contact with IT staff and colleagues, increase the likelihood of threats not being recognised as such and opening the door for criminals to access important data. This applies, for example, to phishing attacks, i.e. attempts to obtain personal data via fake emails or websites or to install malware.

How can organisations ensure IT security in the hybrid working model?

Companies need to counteract the additional risks posed by hybrid work both on a technical level and with regard to the human factor. From a technical point of view, it is about securing data during transfer, processing and storage. At the same time, employees need clear rules and guidelines for handling data and devices.

Modern mobile devices for employees

IT security in hybrid working models - Modern mobile devices

Allowing employees to work with outdated private technology that is not managed by the company entails high security risks. Instead, all colleagues should work with the latest technology and regularly updated software. This is not only recommended for security reasons, but also guarantees the highest possible productivity. Furthermore, the use of private devices is also problematic from a data protection point of view.

Here you can find the latest
laptops, smartphones & tablets.

Encrypted data transmission

Home networks are often inadequately secured or not secured at all. This leads to high security risks. With Virtual Private Networks (VPNs), secure and encrypted data transmission between the company network and the end device is possible.
Digital collaboration tools such as Zoom or Slack are mostly used for chats, video conferences and data exchange. Organisations should only make applications available that support end-to-end encryption.

Access management for employees

Another security precaution is the individual assignment of rights for individual users or user roles. With Single Sign On (SSO), access rights can be granted or revoked with little effort. At the same time, the IT department always knows which employee has access to which data. For users, SSO offers the advantage of having access to all relevant applications and services with just one account.

To prevent identity theft, multifactor authentication provides additional security when logging in. By confirming one's identity multiple times, it is ensured that it is actually the person one is claiming to be.

Establish a safety culture

In a hybrid working world, the human factor will play an even more important role in the future with regard to IT security. Companies can reduce avoidable risks through targeted training on the topic of IT & data security, the safe use of end devices and the protection of personal data. This is because regular learning units not only create an awareness of potential dangers, but also provide the workforce with suitable tools to deal with the risks appropriately.

The following measures can already achieve an adequate level of protection in the home office:

  • Protect WLAN networks with a password
  • Use secure, unique passwords for applications and services
  • Carry out regular updates
  • Keep documents and equipment inaccessible to unauthorised persons

Maintaining full control with mobile device management

One way to implement many of the above measures is through Mobile Device Management (MDM). This gives IT departments full visibility and control over all devices. After registering the device once in the MDM software, it can then be easily managed, secured and monitored remotely from a central location. It does not matter whether the devices are company-owned or private.

A wide range of functions and configurations can be set up via the console of an MDM software. The features of an MDM solution include, for example:

  • Configure network access
  • Deployment and updating of apps and applications
  • Access management for individual users or roles
  • Enforcement of security policies, such as password strength
  • Device encryption
  • Monitoring
  • Inventory & Management
  • White- & Blacklisting
  • Erasing and locking the machine remotely
  • and much more
By using an MDM solution, the human factor and the associated security risks can be reduced to a minimum, thus increasing IT security in the company.

Mobile Device Management is part of our Device as a Service solution. We are happy to advise and support you in setting up and configuring your individual MDM solution.


Here you can find out more about Device as a Service at Lendis.