As part of the ongoing COVID-19 health crisis, work from home rates and hybrid workforces continue to grow across Australia.
New data shows that 37 per cent of workers conducted business from home one or more times a week in June 2021, compared to 24 per cent in March 2020 when the impacts of COVID-19 were first felt. As the world continues to adjust to ongoing uncertainty, with changing restrictions and unpredictable lockdowns, the hybrid workforce provides stability for organisations that can provision their employees to work from home. Therefore, this trend is likely to continue well into the long term, with many employees reluctant to return to working exclusively in offices.
With the flexibility of a hybrid workforce comes new challenges. One of the most prevalent of these is navigating cybersecurity for remote workers. Previously, employee devices and activities were largely protected by virtue of being behind the corporate firewall. When working from home, those protections are no longer present, so organisations must address the new changes and potential threats that the hybrid workforce can bring.
It’s highly unlikely that the world will ever return to a version of the pre-pandemic normal. Businesses and employees are accepting that they’ll need to work alongside COVID-19 rather than wait for life to return to some outdated definition of normal. This acceptance extends across industries as hybrid workforces split their time between working on-site and remotely. The hybrid workforce will be a permanent feature of the Australian business landscape moving forward so organisations need to understand how to secure their networks and their employees in this new environment.
To get started, businesses must look at updating the foundational changes inside the organisation to fortify their network.
1. Reassess budget priorities
The impacts of a global pandemic can uproot even the most comprehensive budget plans. Organisations are spending on items like cloud adoption, endpoint security, and collaboration software to support hybrid workers. This means they need to reallocate funds that were previously earmarked for things like network upgrades or on-premises infrastructure. It’s important for businesses to develop an architecture that protects users across the local area network (LAN), wide area network (WAN), data centre, and cloud edges.
2. Re-examine security infrastructure
With more staff members handling sensitive information outside of a traditional office space, hybrid working creates a broader threat landscape with more endpoints outside the corporate firewall as well as more potential entry points for cybercriminals. This increased threat level means that organisations should consider implementing a zero-trust security approach in which no user is trusted and all users are given the least amount of privilege possible.
An effective automated security framework will cover every corner of the network from the office and data centre to the branch office and home office, ensuring that employees are kept safe, regardless of location. These solutions should include network access control (NAC), endpoint protection, and secure access service edge (SASE) in a bid to further fortify the network.
3. Beware of insider threats
The threat of malicious insider activity and honest mistakes remains prevalent. Phishing attacks have become more widespread with the work from home trend, with research suggesting that 90 per cent of cyberattacks start with a phishing email. As in person interactions become more limited and email correspondence increases, specialised phishing attempts can go easily undetected. However, organisations can mitigate this risk by providing comprehensive and frequent training to employees so they can spot phishing attempts and avoid falling victim to these attacks.
The hybrid workforce is a new challenge for many Australian businesses. In many cases, organisations have adopted remote working not because they saw the potential benefits but because they were forced to by the pandemic. The move to hybrid and remote working has mostly been a resounding success, letting companies continue to operate even in lockdown conditions. However, it’s essential for businesses to keep security top of mind and to remember that securing a remote workforce is a different proposition than securing their in-office team.
Employees’ home networks can be compromised by security gaps due to connected smart devices and a lack of appropriate security measures. To minimise this risk, organisations should look to deploy endpoint protection as part of their zero-trust network access approach.
Now is the time to re-examine the security measures that were put in place due to necessity and find the best system to plug any potential gaps. This includes increasing employee phishing training and emphasising the importance of security. Organisations must have the right tools in place to protect their networks and have disaster recovery plans ready should the worst occur. These simple steps will pave the way for organisations to protect their hybrid workforces now and into the future.