Preparing a hybrid workforce starts with strengthening security

26 Jul 2021 04:47 PM

Guest Blog: Ross Woodham, General Counsel and Chief Privacy Officer.

With the UK officially announcing ‘Freedom Day’ on the 19th of July, symbolising a transition back to business as usual, many organisations are announcing their plans to return to the office. In fact, over 70 percent of business executives anticipate a total return to the office before the end of 2021. However, of the companies planning to return to the office, just over 60 percent do not have a strategy in place for either a hybrid or traditional working model.  

Not having a comprehensive plan, especially around security protocols, presents a significant issue for organisations. 

Exacerbated by the pandemic, there are now 648 cyber threats per minute, according to a recent security intelligence report. 2020 saw unprecedented attacks as cybercriminals exploited vulnerabilities in businesses’ security perimeters as employees worked from home. A City of London Police report confirms this, as more than 11 million GBP has been lost due to COVID-19 frauds in 2020. Additionally, a Tessian survey found most data breaches occur due to human error, with 43 percent of employees admitting making a mistake at work that had security repercussions.  

With 73 percent of security and IT executives expressing grave concerns about the continued vulnerabilities of any hybrid working model, businesses must act now to strengthen security protocols. The reputational, operational, legal and compliance implications could be considerable if cybersecurity risks are neglected.

To best prepare their workforces, companies must prioritise cybersecurity and look to adopt a comprehensive security strategy no matter where they are working from.

Auditing security strategy by asking the right questions

To successfully acclimate to a hybrid workplace, organisations should evaluate the requirements of their workloads against their current infrastructure stack and consider the following: Who needs access to what data? Who can access each of those workloads, and with what privileges? Where are those privileges stored, and how? How secure is the connection between environments? What workloads would be best-suited on-premises, in a private cloud, or on a public cloud platform? 

Aptum’s Cloud Impact Study reveals many organisations plan to take a hybridised approach to cloud infrastructure, with more than half (59%) planning to reduce their on-premises infrastructure and increase public cloud deployments over the next 18-24 months. A further 66% intend to expand their private cloud workloads, with security being a fundamental driver.

Cloud computing has become the answer to many organisations’ need to strengthen remote workers’ security. In fact, our research found 76 percent of organisations are utilising cloud services to facilitate remote working in response to the COVID-19 pandemic. 

These findings highlight how essential cloud technologies have been in driving better security and overall business resilience throughout the past 18 months. Ninety-two percent of business leaders were confident in their organisation’s continuity throughout the COVID-19 crisis after integrating cloud technologies. Hybrid or multi-cloud solutions can provide organisations with the groundwork to build a protected, effective, and adaptable ecosystem.

Overcoming obstacles by increasing security efforts

Despite the benefits of hybrid cloud, hybrid strategies carry a few common risks for IT professionals, including governance, visibility, and compliance. Aptum’s recent Cloud Impact Study Part 2 found that while 91 percent of organisations successfully increased security through cloud services, 82 percent of senior IT professionals admit visibility, control, and governance remain top causes for concern.

As the variety of platforms increases, so do the number of systems, applications, and endpoints to be secured. Inevitably, this makes governance, visibility, and compliance extremely convoluted to manage. 

Maintaining consistent compliance is a colossal challenge in hybrid environments. Our research found that 80 percent of respondents state their ability to efficiently meet the requirements of compliance audits across their cloud environments as one of the biggest obstacles. The ability to spin services up and down has helped many businesses adapt over the last six months. But, if one of those resources has been misconfigured with sensitive information and left unmanaged, security and compliance can be remarkably challenging to achieve for IT staff. 

Considering the best course of action

Before reopening, organisations must examine their data, hardware and software, and management processes, alongside considering their employees’ requirements. 

Internal IT audits can help companies ensure they minimise risk and maximise the results of a secure infrastructure. Furthermore, the systems, processes and solutions are subject to change as business needs alter and should be checked for future suitability to optimise environments. Organisations should also provide employees with additional remote working training to minimise the IT security risks associated with hybrid working. 

Inevitably, employees will move company information to third-party applications whilst working remotely, risking compliance and data privacy violations. For more robust cybersecurity, IT leaders require greater network visibility to reduce shadow IT and bring corporate data back under the businesses control. Better visibility also helps organisations remain compliant by meeting data regulation requirements, such as ISO27001. 

To succeed post-pandemic, organisations must understand the risks behind distributed workforces, identify and implement the right solutions. These solutions are proven to reduce risk, employee productivity, business resilience and agility. 

A partnership with an experienced managed service provider enables organisations to get their security strategy right from the outset. Working with a solutions provider to create and implement a comprehensive cybersecurity strategy will ensure companies operate more secure, compliant, trusted, and resilient, protecting their people, information, and reputation. The companies taking these steps will advance over those moving ahead without a clear plan and will be prepared no matter what the future of the office brings. 

Author:

Ross Woodham, General Counsel and Chief Privacy Officer