Hybrid Work Environment Poses Security Challenges for SMBs

As the worldwide pandemic draws closer to its end, businesses everywhere are asking themselves: How will we work going forward?

Three in five businesses that were in the office pre-COVID-19 are now at least partially remote, with a recent survey indicating that 82% of company leaders plan to allow employees to work remotely, some of the time going forward. It is quickly becoming apparent that the traditional workplace, for many, may never return.

A hybrid environment, working remotely and in the office, is increasingly being considered an answer to what the future of work will look like. The distributed workforce this will create, leads to many challenges for SMBs, managed service providers (MSPs), and channel partners, not information security. Striking a balance between cybersecurity and productivity will be critical for these businesses planning on deploying a hybrid work model post-pandemic.

Remote employees need access to all the same digital resources as on-premises employees, which requires secure connections to and from corporate networks and cloud services and applications. Password security is also a concern, both inside the walls and out. Organizations must keep critical assets secure, control and monitor sensitive information, and manage business-user passwords, all while ensuring that employees are productive and efficient. From an infrastructure standpoint, IT pros need the ability to quickly and securely access work-from-home employees' devices – ideally from a single dashboard.

Smaller companies rarely have the IT talent, tools, or budgets to prevent many forms of cyberattacks. However, with the right tools in place, IT professionals can successfully navigate these challenges without breaking the bank.


To help organizations more securely govern a hybrid workforce, Harbor recommends the following:

Enhance Cloud Security - The surge in remote workers has dramatically accelerated cloud-based apps and platforms' popularity. Organizations need to strengthen cloud security by deploying multi-function authentication (MFA), privileged access management, and end-user monitoring and logging. 

Fortify the Weakest Link: End Users - Now that the attack surface is much larger due to remote working, organizations need to establish, roll out and enforce threat detection programs and policies beyond their corporate environment and into home offices. Also, organizations should provide end users with ongoing cybersecurity training.

Use a Virtual Private Network (VPN) - VPNs should be made mandatory instead of optional. However, VPNs are not optimized for security out-of-the-box. Businesses should strengthen VPN security by implementing MFA and limiting VPN access to specific and authorized end-users.

Implement Single Sign-On (SSO) - Each time a remote worker logs into an application, a door is opened for hackers to potentially invade endpoints and networks. SSO enables end-users to log in once with a single set of credentials and access all of the apps, data, and websites for which they have permission.

Implement a Cloud-Based Password Manager - A growing number of organizations have remote workers who are working in different locations and at other times. Obliging these workers to use on-premises remote credential management and password management tools is tedious and inefficient. A cloud-based password manager helps end-users store and manage passwords in a single and trusted cloud-based solution to be efficient and secure – regardless of where or when they are working.

Michael Markulec

technology executive, cyber-security guru, politician, rugby player, deadhead, brewer, former army officer, crossfitter, and hard-drinking calypso poet.