Take the next step to secure your new hybrid work environment

Take the next step to secure your new hybrid work environmentFor a decade, companies have discussed the theoretical merits and issues. For some companies, work-from-home was a periodic luxury, for others a way...Contents

secure hybrid work

Hybrid work environments are here to stay

When it comes to the conversation around remote work, 2020 seems to have had the final say.

For a decade, companies have discussed the theoretical merits and issues. For some companies, work-from-home was a periodic luxury, for others a way of doing business. While there will need to be plenty of further discussions on the nature to company culture and identity in a hybrid work environment, it seems safe to conclude that it’s going to remain the norm moving forward.

With so many people now entrenched in the new “work-from-home” culture, there will inevitably be a group of people that want to remain, even after offices reopen.

A survey done by Global Workplace Analytics, a research-based consulting firm focused on preparing employers for a hybrid work environment, found that 88% of employees are working completely remote.

The shift caught most companies off guard

The level of disruption this shift has caused the average person is noticeable, but the impact it has had on network, security, compliance, and other teams in the average organization is even more so.

Even though many companies had already starting their transition to support this norm with “cloud-first” or even “remote first” decision making, these transformations take time due to the size and scope. With the massive scale of the 2020 office exodus, even those who had these transformations under way were left scrambling. In a recent Cisco report, a little over half of companies surveyed confessed to feeling only “somewhat prepared” for the shift they went through in the last year.

Cybersecurity is a renewed area of focus for most businesses

The biggest reported gap or area of focus, no surprise to anyone, was cybersecurity.

Of the companies surveyed by Cisco, 85% reported that cyber security is a renewed area of focus, saying that it was “extremely important” or “more important than it was before the pandemic.” While it is easy for people to log in from home rather than work, the technology, capacity, and plan to secure everything is not an overnight reality. The perimeter expanded in a way that it hasn’t before.

Work that happened primarily on managed endpoints is now happening on unmanaged ones. New applications have been deployed quickly, possibly without the typical time it takes to assess potential new blind spots. When these things happen, the attack surface available for exploit increases and the risk of breach, compliance violations, or other issues that might impact company reputation goes up.

The sudden re-distribution of the workforce in 2020 HAS caused a spike in malicious activity – with big, medium and small companies reporting jump of 25% or more in cyber threats or alerts since March.

You’ve made fast decisions, what’s your strategy moving forward?

If you’re like most companies, you’ve had to make some fast changes to ensure business resiliency.

Whether it’s been deploying new security, rolling out collaboration tools, leveraging the cloud more, and/or any of the above, the changes made have been timely and necessary.

The purpose of this eBook is to talk through what’s next. It’s one thing to patch the leak, it’s another to build a strategy to support and thrive in our new hybrid work paradigm. The sudden remote work reality of 2020 is driving long-term changes in cybersecurity changes and presents every organization with a timely inflection point. This is a unique opportunity to jumpstart business and security strategies to truly support the digital-first world that we find ourselves in now. The time is right now. Business leaders are focused on making remote workers as successful as possible and this means they are open to new ideas and thinking about distributing company resources in new ways.

66% of business, regardless of size, are planning to increase their investments in cybersecurity over the next 2 years

Hybrid’s been around, but this is a new normal.

Supporting both remote work and a central campus has been a common trend in most industries but the distribution of individuals within that paradigm has always been skewed towards office work. 2020 showed a remote work paradigm was viable to BOTH employers AND employees.

The offices might open back up, but the distribution of workers is unlikely to return to the old paradigm.

It’s imperative that security teams have a strategy to support this.

Building a strategy to secure your remote workers

We recommend addressing the following four critical challenge areas in your strategy to secure remote workers – 1) unsecure connections, 2) compromised credentials, 3) limited or no visibility or control from the internet to the endpoint itself, and 4) resource/time shortages.

In our digital-first world, the ability to verify the identity of every user regardless of location is paramount.

After verification, it’s imperative to make sure the connection is secure, no matter the device.

Third, your new strategy to securing remote work moving forward also needs to include the ability to do prevention and response against threats from the cloud edge and at the device level.

Lastly, as with any time of change, use it to your advantage and look for ways to increase automation, free up resources and focus your security teams. The shift we’re in is a dramatic one and trying to accommodate two or more work realities rather than just one is sure to bring additional burden unless done in a manner that scales with efficiency, rather than effort.

After analyzing the responses to our remote work study, five tactical steps emerged that are easy for any business to act on and increase their security profile in this new hybrid work environment.

Read on to learn explore these five steps in depth:

Educate your workforce on common tactics and encourage a culture of security
Implement MFA as an important step towards Zero Trust
Build security into the way users access information, leveraging the cloud whenever possible
Secure email against advanced threats
Maintain a first and last line of defense with DNS and Endpoint security