In the post-Covid era, organizations have had to adapt their ways of working. The rapid transition to remote working was reactive rather than secure by design, making it necessary to continuously develop and support this evolving environment.
Flexible and hybrid working pose new risks to organizations due to the lack of visibility of the workforce. To establish a secure hybrid environment, several measures must be taken. Firstly, it is crucial to help users understand why security controls are necessary. Communicating the increased vulnerabilities of working from home effectively will make employees more accepting of the security measures and training being implemented. Senior leaders should act as role models for secure behavior and provide the context and reasoning behind their requests. By doing so, they will encourage individuals to prioritize cybersecurity training and promote secure practices not only at work but also in their personal lives. Communicating cybersecurity information about home life can help employees engage with the content, as good habits in personal life will transfer to their work.
Building understanding and accountability is essential for individuals to act securely. Providing employees with relevant cybersecurity training on how to work securely from home or other locations is crucial. Regular training and phishing simulations should be conducted to continuously develop cybersecurity skills and awareness. Cybersecurity training and awareness platforms can be used to provide engaging and timely training to the workforce. It is important for individuals to understand their role in an organization’s security and follow the expected processes. Establishing clear processes to define positive security behavior and effectively communicate them will ensure that employees understand their responsibilities. Reporting incidents and suspicious links will contribute to a clearer understanding of the threat landscape and increase awareness of the cybersecurity team.
Data analytics, combined with an understanding of likely threats, can help prioritize and refine controls and training to manage risks. Proactive and iterative human risk management is necessary to identify insecure behaviors in a hybrid environment. Behavioral data can provide insights into an individual’s digital footprint and actions, allowing for a better understanding of insecure behaviors across the workforce. However, regulatory restrictions such as privacy laws must be considered when using behavioral analytics, especially for organizations operating in multiple jurisdictions.
Implementing technical controls is vital to support employees and minimize risks. This includes using endpoint protection software on business devices, implementing cloud-based email management platforms, and establishing always-on Virtual Private Network (VPN) controls. It is also important to have clear policies regarding the use of public Wi-Fi to mitigate associated risks.
By following best practices and taking a proactive approach to influencing security behavior, organizations can effectively manage the risks of hybrid working. Integrating human risk management into the wider business strategy and continuously updating it to reflect the evolving threat landscape is crucial for both office-based and remote workers.