Home internet speed. Cameras on or off. Core work hours. These are just a few remote work worries managers now have to consider. While businesses may have dabbled in flexible work arrangements before, it’s clear that widespread adoption of hybrid policies is here to stay — and with it, the need for cybersecurity extends beyond the office walls.
Leading a dispersed workforce requires looking at cybersecurity compliance differently. This often means creating or adjusting policies that employees will follow to keep their identity and devices safe while also protecting your company’s digital assets.
Cybersecurity challenges for a hybrid workforce
In any organization, the areas most vulnerable to cyberattacks are at the security perimeter, with individual users, devices, and system access points. Securing these endpoints was challenging enough before the pandemic forced workforces to disperse and millions to work from home.
Companies that have continued remote and hybrid workforce policies have pieced together some systems and processes that allow work to be done and basic security standards to be met, yet often admit that they still face challenges.
That’s because cybersecurity is not just a technical problem; it’s also a people problem. And it’s an area of operations that is still rapidly developing, with solutions and best practices often lagging or being developed in reaction to known security vulnerabilities.
While it’s been more than two and a half years since remote work had its COVID debut, everyday hybrid headaches for security admins still include:
- Limiting and securing access to sensitive information and systems
- Adopting technologies to maintain employee productivity and ensure security
- Enforcing security policies
- Handling home network security issues, including unauthorized apps (called shadow IT), bring your own device (BYOD), and unsecured Wi-Fi
As the software industry rushes to introduce new products and solutions to address these challenges, many companies find themselves hampered by their reliance on employees’ cooperation to be the first line of defense.
Recent research indicates that many people still fail to follow basic cyber hygiene practices, like using unique passwords for each account, checking the source before clicking on links, and protecting personally identifiable information.
While these habits are risky enough in personal life, they present a significant risk to companies where credentials and logins hold the keys to the kingdom, from financials to intellectual property to customer data.
Managing the hybrid security risk
By nature, managing a hybrid workforce is more demanding because it requires managers and leaders to be deliberate. They must determine policies and communication for those at work and elsewhere, often with remote work guiding rules and norms around cybersecurity. It’s not easy because this is largely uncharted territory. That’s exactly why cybercrime is so lucrative: cybercriminals know companies have these security gaps and are willing to pay up and move on.
Managing the risk calls for a rather simple shift in security mindset. Rather than trying to change the behavior of people in your organization, change policies and systems to mitigate risky behaviors. For example, instead of having employees remember the passwords and log in to half a dozen different databases and applications during their workday, the better hybrid security mindset has them log in to a single portal.
In fact, the best advice for companies looking to maximize the impact of their security dollars, whether in person or hybrid, is to use as many technology controls as possible to mitigate human risk factors.
But we can’t forget about training. Cybersecurity education for your hybrid workforce is a must-have investment when it comes to defending the business against phishing scams and other communication-based attacks.
The goal of training is to ensure that every employee, regardless of their role, level of access, or location, knows how to recognize and avoid common and new threats and what steps they need to take in case of a breach or hack. A secondary goal is to give hybrid employees confidence that they truly make a difference in their cybersecurity stance; personal investment helps drive more compliant behaviors.
Extremes, including super strict policies, performance-review impacts, and other penalties for security mistakes, can have the opposite of the intended impact on employee security compliance. Instead of helping hybrid employees do their jobs more securely, they drive paranoia and fear and impact employee performance (for example, employees refusing to respond to emails with attachments or to click on any links).
To help, consider adding planned and random testing to training so hybrid employees can use their best judgment to put what they’ve learned into practice.
The struggle between security and productivity
Finding a “sweet spot” that balances cybersecurity with business needs may take trial and error. However, companies can succeed by recognizing cybersecurity as a business operational concern and not just a technology issue.
Cybersecurity can drive productivity in a hybrid environment, as it helps companies avoid costly breaches and service disruptions that shake customers’ trust and derail operations. But employees don’t have to feel hampered — or hassled — to be safe.
Here, cybersecurity technology may hold the answer for hybrid work. Already we’ve seen major advances in tools that help us connect and communicate. Now that so many of us want to ensure remote work can be fulfilling, meaningful, and impactful for employees, look for more software, tools and policies to become “best practices” that help hybrid work thrive.