January 2022 - New Work | Security

Safe & Secure Technology & Tools in the Hybrid World of Work

Seeking to bolster the safe & secure use of New Work technology and tools in post-Covid times? Pick up a range of tips from eco experts and partners.

Safe & Secure Technology & Tools in the Hybrid World of Work-web

© demaerre| istockphoto.com

Current Status Quo

The pandemic has transformed our world of work and, from a New Work perspective, has created a number of positive developments. The new digital routes to collaborative working suddenly gained in prestige and, in a short period of time, got to prove their worth. In many respects, balancing family life and career has been made easier – even though women in particular are often overburdened by additional care work. “The crisis has led to a expansion of measures to promote work-life balance,” according to the German representative study ‘Learning from the Covid Crisis – Experiences and New Impetus for Business Work-Life Balance Policies’. Nonetheless, many people have also been confronted with new challenges: Since March 2020, working from home, homeschooling, childcare, and new means of collaboration have been shaping many jobs, and this a trend that is likely to continue.

But will everything really look good when the pandemic is over, and everyone is back to the “new normal”? The truth is: handling the transition back to the office and organizing the balancing act between mobile and stationary work will continue to be a concern for us in 2022 and beyond.

In the “new normal”, cybersecurity will also deliver new challenges. During these pandemic times, Europol has announced an increase in social engineering attacks. This is precisely why we are addressing the following questions:

What options and solutions will be available to allow us to safely and securely utilize the technology and tools? Does digitalization offer us sufficient IT security, and will the digital nomad no longer be considered a stopgap solution in the new normal, but a fully-fledged workplace with firmly defined guidelines?

1.    Just how normal is the “new normal”?

The positioning of the New Work topic is based on four core statements defined by Lucia Falkenberg, CPO at eco – Association of the Internet Industry, with these laying the groundwork for the activity of the eco New Work Competence Group. These core statements highlight Lucia’s perception of the “new normal”.

  • While human work is being transformed, it is not receding; instead, it is being enhanced by digital processes and the use of new technologies.
  • The transformation of tasks and structures goes hand in hand with high efficiency and unprecedented freedom in the time and place of services. However, in spite of the numerous opportunities offered by this transformation, it also contains risks.
  • The current shortage of skilled workers, the general demographic trends, and the value system of the younger generation: all of these factors are contributing to a culture where successful companies will in future be more strongly shaped by a shared vision and teamwork on an equal footing, and where a new understanding of leadership will be cultivated.
  • The success of the digital world of work will depend on rethinking work structures, boldly exploiting opportunities, and enabling broad participation by employees by means of cross-generational training offers.

Here’s an additional observation from our eco member aixvox: “Our working hours will level out at 50% home office and 50% in the office or mobile working,” says Detlev Artelt, CEO of aixvox GmbH and Head of Competence Group Business Communication at EuroCloud Germany. This requires solid tools. The common practice of having a multitude of video conferences, which has been in place since the start of the pandemic, does not go far enough.

More is required – namely, a shift from email-focused to topic-based work across individual team boundaries. This concept is not new. However, driven by the pandemic, the motivation has now grown to finally apply this approach. This means that anyone can start work on any possible end device and continue it on another device – be it a notebook, tablet, or smartphone. Such a method tends to function on an intuitive basis, without having to think much about the technology behind it. The best thing about this approach: documents are no longer being sent back and forth, but all team members are working on documents together online.

2. Mounting security requirements for the hybrid world of work

The trend towards working from home, accelerated by Covid-19, is upping the stress among those responsible for IT security in companies. Something that has been sidling in over the last few years is suddenly becoming far more visible: the perimetric protective wall associated with corporate IT – i.e., the protection of a self-contained company network – no longer exists, or at least not in the form it used to. The simple distinction has been: IT hardware that is located internally in the company is secure. Everything that takes place outside is potentially insecure. But things can no longer can work in this way. Suddenly and unexpectedly, hundreds or thousands (depending on the size of the company) of employees’ workstations are outside of the company’s protective walls, granting inroads for cyber attacks and viruses.

What’s even more challenging is the fact that systems are operated in an environment that, from the perspective of mobile workers, is secure and trustworthy – it is, after all, their home. But from the point of view of those responsible for IT security, the new working environment harbors unknown dangers: What about a daughter showing up with a USB stick and wanting something to be uploaded “just for a second”? What about the smart speaker located in the immediate vicinity of the workstation which keeps a close eye on everything that is said as well as on the network’s traffic? And what exactly does the smart socket from the Chinese manufacturer do apart from switching itself “on” and “off”?

Nonetheless, even in Covid-19 times, daily work can be carried out – if the Internet connection is stable. However, it needs to be clarified which channels are used for the exchange of information (files, chat, audio, video) and how secure they are – also from a compliance point of view. It can be that some data may not be allowed to leave the company under any circumstances – how should this be handled? Some of the questions can be clarified organizationally, some by using the right software. In quite a few cases, however, a fundamental revision of the architecture of the company’s IT will be necessary.

3. What does working from home mean?

If you look at the reality of life for many managers and other employees, the term “working from home” is misleading. One person thinks of a chaotic kitchen table, the other of a home office adorned with the highest criteria in an extra room with certified equipment. It’s much clearer and true to life if you replace “working from home” with “working from anywhere”. As an (IT) decision-maker, you can even think of exotic places such as a beach, a rainforest, or a desert island.

Because if employees receive the proper technical conditions to work securely at these locations, then the underlying IT infrastructure is also suitable. At the same time, not only compliance and risk management play a role, but so too do labor law issues – and these must all be clearly communicated in one package.

4. Global digital work

Pandemic-driven changes are accompanied by a significant acceleration of digitalization and digital services – but also with a new hybrid world of work and office architecture.

There are several aspects that require new perspectives and approaches, with these including flexible workspaces that promote collaborative working, increased use of mobile devices in the home and elsewhere, and new standards for secure working environments. This can be reflected in policies, processes, and the integration of diverse technologies – also in the design and implementation of property projects.

Data loss prevention: When it comes to this topic, in Germany it’s worth pointing to the Federal Office for Information Security (BSI) and the German Social Accident Insurance (DGUV). The involvement of competent service partners who help with implementation is just as important as the legal, technical, and organizational treatment of the “new” working models. 

5. Hybrid communication and leadership

In bringing about these new services, what has proven to be successful is a milestone-based management approach. As Carolin Desirée Töpfer from the cdt digital group spells out, projects need to be planned strategically in order to realize a vision and long-term goals. As part of the general strategy, there should be a line-up of the respective projects aimed at reaching the associated milestones.

In this respect, there is little need for long drawn-out team meetings and mail traffic involving more than two people. Project participants can exchange information directly and act in a free and self-determined manner.

The basis for communication is the IT environment provided and the corresponding security standards. This allows personal issues and life circumstances to be left largely out of the loop, with this having a major advantage in hierarchically organised companies, where such factors can often lead to conflicts in scheduling and social friction.

The management task here is to provide employees with all necessary information, to jointly set realistic schedules and deadlines, and to communicate these internally and to customers.

6. The technological side

A lot of companies still have some ground to cover before digital working can function seamlessly. The closed on-premises systems that were the standard from 20 or 30 years ago are still far too common. This has once again become patently clear from the latest Microsoft Exchange vulnerabilities. Even Microsoft’s in-house security team could not help with such set-ups and could only “warn and inform”.

Often, self-built isolated solutions for individual departments supplement the features of the IT infrastructure. This not only further hinders the necessary transparency and IT and security management; it is also disorienting and uneconomical in terms of usability – for employees and the IT department.

The solution can be found in an efficient digital transformation and the switch to at least one cloud core system. Here there are a range of different variants – from the completely externally hosted software-as-a-service solution to various forms of the self-installed cloud.

Overall, the need for a properly set-up IT architecture and a long-term functioning infrastructure can presently be seen as the greatest challenge for IT administration. This requires trained personnel who can understand fields, software history, and product updates from the bottom up. Otherwise, vulnerabilities will quickly arise due to administration errors.

7. Network separation – more security for working from home

Inadequate protection of the home-based network and thus of the home office workplace produces a great risk. This can be minimized by delivering a separate WiFi to visitors that does not allow access to all end devices that are in the WiFi work-based network. Special attention should also be paid to the separation of private devices and devices containing company data. Malware that has been loaded onto an end device can, in a worst-case scenario, also spread within a company network and encrypt files and/or spy on data. A VPN network tunnel from the home office to the employer’s IT systems helps to minimize these risks.

Conclusion:

 Through the intensified provision of home office workplaces, many companies have been able to gain a positive résumé for themselves – even in Covid-19 times. In order for employers to be able to offer mobile work securely and sustainably beyond the Covid-19 pandemic, those responsible need to think more strongly about IT security. The cyber dangers are greater in working from home than at the workplace in the company itself. To minimize risks, a fundamental overhaul of the architecture of corporate IT may even be necessary. “However, if compliance and security issues are thought through from the outset, the new normal will have many positive effects on the future development of flexible working and collaboration across departmental and company boundaries,” Detlev Artelt summarizes.

 

Co-Authors

  • Detlev Artelt, CEO aixvox GmbH, Head of Competence Group Business Communication EuroCloud Germany
  • René Bernard, Communication PR Editor, eco Association
  • Lucia Falkenberg, CPO eco Association & DE-CIX Management GmbH
  • Jan-Werner Kern, Branch Manager, E-INFRA GmbH
  • Michaela Templin, Project Manager Information Security / New Work, eco Association
  • Carolin Desirée Töpfer, CEO/CTO Cyttraction.com & Founder Mahina VC
  • Peter Vahrenhorst, Chief Inspector from the LKA North Rhine-Westphalia, Cybercrime Prevention
  • Frank Weismüller, LAN & Data Center Specialist, Datacenter Sales Manager, Corning Optical Communications