Preparing a hybrid workforce starts with strengthening security
Guest Blog: Ross Woodham, General Counsel and Chief Privacy Officer.
With the UK officially announcing ‘Freedom Day’ on the 19th of July, symbolising a transition back to business as usual, many organisations are announcing their plans to return to the office. In fact, over 70 percent of business executives anticipate a total return to the office before the end of 2021. However, of the companies planning to return to the office, just over 60 percent do not have a strategy in place for either a hybrid or traditional working model.
Not having a comprehensive plan, especially around security protocols, presents a significant issue for organisations.
Exacerbated by the pandemic, there are now 648 cyber threats per minute, according to a recent security intelligence report. 2020 saw unprecedented attacks as cybercriminals exploited vulnerabilities in businesses’ security perimeters as employees worked from home. A City of London Police report confirms this, as more than 11 million GBP has been lost due to COVID-19 frauds in 2020. Additionally, a Tessian survey found most data breaches occur due to human error, with 43 percent of employees admitting making a mistake at work that had security repercussions.
With 73 percent of security and IT executives expressing grave concerns about the continued vulnerabilities of any hybrid working model, businesses must act now to strengthen security protocols. The reputational, operational, legal and compliance implications could be considerable if cybersecurity risks are neglected.
To best prepare their workforces, companies must prioritise cybersecurity and look to adopt a comprehensive security strategy no matter where they are working from.
Auditing security strategy by asking the right questions
To successfully acclimate to a hybrid workplace, organisations should evaluate the requirements of their workloads against their current infrastructure stack and consider the following: Who needs access to what data? Who can access each of those workloads, and with what privileges? Where are those privileges stored, and how? How secure is the connection between environments? What workloads would be best-suited on-premises, in a private cloud, or on a public cloud platform?
Aptum’s Cloud Impact Study reveals many organisations plan to take a hybridised approach to cloud infrastructure, with more than half (59%) planning to reduce their on-premises infrastructure and increase public cloud deployments over the next 18-24 months. A further 66% intend to expand their private cloud workloads, with security being a fundamental driver.
Cloud computing has become the answer to many organisations’ need to strengthen remote workers’ security. In fact, our research found 76 percent of organisations are utilising cloud services to facilitate remote working in response to the COVID-19 pandemic.
These findings highlight how essential cloud technologies have been in driving better security and overall business resilience throughout the past 18 months. Ninety-two percent of business leaders were confident in their organisation’s continuity throughout the COVID-19 crisis after integrating cloud technologies. Hybrid or multi-cloud solutions can provide organisations with the groundwork to build a protected, effective, and adaptable ecosystem.
Overcoming obstacles by increasing security efforts
Despite the benefits of hybrid cloud, hybrid strategies carry a few common risks for IT professionals, including governance, visibility, and compliance. Aptum’s recent Cloud Impact Study Part 2 found that while 91 percent of organisations successfully increased security through cloud services, 82 percent of senior IT professionals admit visibility, control, and governance remain top causes for concern.
As the variety of platforms increases, so do the number of systems, applications, and endpoints to be secured. Inevitably, this makes governance, visibility, and compliance extremely convoluted to manage.
Maintaining consistent compliance is a colossal challenge in hybrid environments. Our research found that 80 percent of respondents state their ability to efficiently meet the requirements of compliance audits across their cloud environments as one of the biggest obstacles. The ability to spin services up and down has helped many businesses adapt over the last six months. But, if one of those resources has been misconfigured with sensitive information and left unmanaged, security and compliance can be remarkably challenging to achieve for IT staff.
Considering the best course of action
Before reopening, organisations must examine their data, hardware and software, and management processes, alongside considering their employees’ requirements.
Internal IT audits can help companies ensure they minimise risk and maximise the results of a secure infrastructure. Furthermore, the systems, processes and solutions are subject to change as business needs alter and should be checked for future suitability to optimise environments. Organisations should also provide employees with additional remote working training to minimise the IT security risks associated with hybrid working.
Inevitably, employees will move company information to third-party applications whilst working remotely, risking compliance and data privacy violations. For more robust cybersecurity, IT leaders require greater network visibility to reduce shadow IT and bring corporate data back under the businesses control. Better visibility also helps organisations remain compliant by meeting data regulation requirements, such as ISO27001.
To succeed post-pandemic, organisations must understand the risks behind distributed workforces, identify and implement the right solutions. These solutions are proven to reduce risk, employee productivity, business resilience and agility.
A partnership with an experienced managed service provider enables organisations to get their security strategy right from the outset. Working with a solutions provider to create and implement a comprehensive cybersecurity strategy will ensure companies operate more secure, compliant, trusted, and resilient, protecting their people, information, and reputation. The companies taking these steps will advance over those moving ahead without a clear plan and will be prepared no matter what the future of the office brings.
Ross Woodham, General Counsel and Chief Privacy Officer
Latest News from
How service providers can profitably ride the data wave and improve customer experience27/09/2021 16:38:00
The speed of data growth is rapid and shows no sign of abating. According to recent studies, data creation will grow to more than 180 zettabytes by 2025.
What now for UK data protection laws?27/09/2021 11:25:00
Guest Blog: Peter Church, TMT Counsel, Linklaters discusses the UK Government's proposals to reform UK data protection laws.
Defence and Security SME Forum Survey Results24/09/2021 16:25:00
Over the summer, techUK’s Defence and Security SME Forum asked the SME community within techUK's membership to take part in a survey examining engagement with the UK Ministry of Defence (MOD).
UK National AI Strategy24/09/2021 11:25:00
Summary of major announcements from the UK Government's National AI Strategy.
Inclusive Economy Partnership (IEP) and Dell Technologies launch the Digital Inclusion Impact Group23/09/2021 15:15:00
techUK is a part of a group of industry, government, and civil society leaders to tackle digital exclusion in the UK.
Tackling greenwashing: CMA published new guidance on green claims21/09/2021 14:15:00
Companies have until the New Year to address potentially misleading claims
techUK industry briefing with the Greater Manchester Combined Authority21/09/2021 12:05:00
Insights from the GMCA Digital team
MHRA announce consultation on the future regulation of medical devices20/09/2021 16:20:00
The Medicines and Healthcare products Regulatory Agency (MHRA) is inviting members of the public to provide their views on possible changes to the regulatory framework for medical devices in the UK, aiming to develop a new regime for medical devices.