As we continue to careen down an uncertain path, it’s now primarily expected that hybrid work is here to stay. While this flexible approach to the future of work can offer businesses and employees a wealth of opportunities, it will also present ample opportunity for cybercriminals to take advantage of any business with a flat-footed approach to cyber defense.
For security teams, the last 18 months have been marked by wide-ranging challenges that came with the overnight pivot to remote work and a worsening risk landscape as cybercriminals launched pervasive attacks to take advantage of the ill-prepared. Unfortunately, many security teams are still playing catch up on the risks introduced by technologies that were rapidly implemented and poorly vetted, while also being forced to stretch resources to counter increasingly frequent sophisticated attacks.
As we edge closer to the reality of hybrid work, it’s critical that security teams begin rigorously preparing. The lesson from the pivot to remote work is clear: businesses that shape their hybrid work security strategy early will be the most successful in managing the super-sized attack surface that will accompany employees working from both home and corporate networks.
Here are three priorities that every business should consider in its hybrid work strategy:
Emphasize visibility and control
We are dealing with an ever-changing threat landscape and a shortage of skilled cyber analysts and professionals. These weaknesses, only heightened by hybrid work models, make end-to-end network visibility vital — from user to device to application to data. As employees bring potentially compromised devices back to the corporate world, businesses should prioritize monitoring all behavior and transaction occurring on the network and leveraging actionable threat intelligence. This proactive approach to security enables teams to keep pace with rapidly evolving threats and opportunities to secure the business’s risk posture. In turn, this can help inform and improve policies and standards to strengthen day-to-day security.
Build a human firewall
Hybrid work will see employees operating outside their everyday processes and comfort zones, opening opportunities for attackers to perpetrate fraud, passing themselves off as employees to infiltrate the business. In fact, research reveals that only one in three employees are aware of the policies and procedures they should take to protect the security of their business’s data, and less than half say they have definitely received training on data security.
While some businesses have more robust training procedures than others, there is clearly serious work to do to ensure the new hybrid workforce is educated and growing in the same direction. Consider looking at security through the lens of human behavior, recognizing that people will usually choose the easiest way of doing something. Working with this knowledge, your task is to make it as straightforward as possible for your people to do the right thing and more challenging to do the wrong thing.
Start by putting guardrails on your system. For example, use filters for web searches and email click-throughs that block access to risky sites. Using simple controls and starting with the most abused practices will yield the best results for protecting your business. Then turn your attention to providing education and ongoing coaching on how to behave safely online.
Consider a security partnership
While there is much that can – and should – be done in-house, it can be difficult for businesses to check every security box by themselves. From supply chain assessments to email security to overall risk audits, trusted partners can provide a valuable, objective point of view to bolster security postures.
Of course, any partnership needs to complement the business’s existing expertise and bandwidth to complete the picture. Be clear-sighted about where a co-managed security model can address shortcomings and how you could use it to stay ahead of threats. Outsourcing security ultimately may not be the best path forward for every business but working with a partner on a co-management approach is an effective way to fill the gaps in your expertise.
Businesses that don’t make strong moves with their security now risk entering the hybrid work world ill-prepared, under-resourced, and vulnerable to threat actors. This is a rare opportunity to drive an agenda that puts security at the heart of every future step. Let’s make it count.