Securing the hybrid workforce
Australian and New Zealand organisations have fully embraced the hybrid working arrangements that emerged following pandemic restrictions and lockdowns. As a result, employees tend to prefer to work remotely at least part of the time, and employers have found that productivity doesn't suffer when employees work from home.
However, while societal and managerial concerns regarding hybrid and remote working may have subsided, cybersecurity issues remain. Organisations need to evolve their cybersecurity approach to match the changes that are occurring in their workforce.
When the pandemic first hit, it was assumed that there would be a return to normal at some point. But the world is now accepting that it's more likely that organisations will need to find a way to work alongside COVID-19, which will probably involve a hybrid approach to work.
This will see some employees work on-site, some work remotely, and others split their time between the office and the home office. The hybrid workforce will be a permanent feature of the Australian and New Zealand business landscape moving forward, so organisations need to understand how to secure their networks and employees in this new environment.
There are three ways businesses must look to fortify their network:
Reassess budget priorities
Where previously organisations may have planned to spend on network upgrades or on-premises infrastructure, they may now need to redirect those funds towards supporting the hybrid environment. This can include cloud adoption, endpoint security, or collaboration software, for example. It's crucial to develop an architecture that protects users across the local area network (LAN), wide area network (WAN), data center, and cloud edges.
Re-examine security infrastructure
Hybrid working creates a broader threat landscape with more endpoints outside the corporate firewall, as well as more potential entry points for cybercriminals. This means organisations who haven't already done so must consider introducing a zero trust security approach, where no user is trusted, and all users are given the least amount of privilege possible.
Doing this effectively requires an automated security framework covering every corner of the network, from the office and data center to the branch office and home office. Solutions should include network access control (NAC), endpoint protection, and secure access service edge (SASE).
Beware of insider threats
People are the weakest link when it comes to cybersecurity due to errors and the potential for malicious actions. Phishing attacks have become more widespread, with a recent Deloitte report suggesting that 90% of cyberattacks start with a phishing email.
As employees communicate more often via email, clever phishing attempts can easily go undetected. Therefore, it's essential to train the workforce to spot phishing attempts and reinforce the need to double-check with the purported sender of an email before following any instructions in that email or clicking any links.
A hybrid workforce means more employees working from home networks instead of the traditionally better-secured corporate network. Home networks can be filled with gaps due to connected smart devices that the employee doesn't even realise are endpoints that could provide cybercriminals with access to the network.
Organisations need to minimise this risk by deploying endpoint protection and maintain that zero trust network access approach.
Understandably, a lot of organisations rushed to provision employees to work remotely when the pandemic hit. Now is the time to re-examine the security measures that are in place and plug any gaps.
This means training employees to spot phishing attacks and taking the proper security precautions at all times. Organisations should also ensure they have the right tools to protect the distributed network along with backup data and disaster recovery plans.
With all of these elements in place, organisations can protect their hybrid workforces now and into the future.