The recent disruption and changes to the way that we work has been staggering. Organisations without contingency plans had no choice but to adopt new structures. Those with plans had no choice but to execute and expand them. Whereas some who had been transitioning to a liberal way of operating have seen it as an opportunity to accelerate trends and plans that have been on the horizon for years.
However, the new “hybrid” way of working needs the right security policies and practices in place to facilitate the necessary flexibility, productivity and accessibility whilst providing assurance. Of all the options available to organisations going forward, this presents the biggest security challenge.
But once you’ve committed to a hybrid workforce spread across homes and offices, how do you start going about establishing a security plan that will work for you?
For assets: this would include, but not be limited to, an update (or patch) of services and applications whilst employees are potentially outside the corporate network, identifying how this could be done for remote employees. This will also need to be done for workstations that have been sitting idle in offices and only occasionally used, that could now be vulnerable.
Protocols and policies would need to be put in place for when company data is accessed from sites with limited security like public wifi. Disks should be encrypted in the event of theft or loss. Personal devices used when employees are working from home will bring their own unknown threat to the corporate network so this needs to be discouraged. With no knowledge of how those devices are used outside of working hours, be it by employees or their families VPN’s, rigorous scans and firewalls will need to be maintained.
For users: Whilst employees work remotely, the person to person security checks that you would have in a communal space are no longer there. If something looks odd or out of place you no longer have someone nearby that you can easily turn to or ask the opinion of. Education about the threats of phishing, downloads and other user reliant threats will need to be put in place for your hybrid workforce. Multi-factor authentication should also be configured for any applications or services being accessed remotely, including cloud services like Office365. Moreover, if there has been a change of staff the system will need to have an up-to-date account of the users.
It is also important that employers provide continuous training services to educate their users on the risks of working remotely, along with communicating changes to information security policies in a timely manner. It is key to present additional training to provide insight into how threats such as phishing are becoming more sophisticated and thus harder to identify.
As employees become more widely distributed and your hybrid workforce grows it is essential for organisations to have in place the necessary infrastructure, guidelines, plans and policies to minimise their exposure. However, the most pressing concern is to ensure that any systems put in place balance, connectivity, productivity and collaboration with cybersecurity. You need a system that preserves your business continuity without compromise.
While it may seem complicated with the right collaborative partner, it may not be as difficult as you think.
Get in touch for a free health-check audit and let Axians C&C help you establish your hybrid approach while building a better, more resilient future for your organisation.