CISO Tips For Securing The Post-Pandemic Hybrid Workforce

As the world begins to emerge from the pandemic, many changes have come to light. One of the most dramatic changes is in the workforce—and the workplace. For many, work is no longer a place that people commute to and from every day. Indeed, many employees went from working on-site to working 100% remotely almost overnight.

As the pandemic subsides, many of these people are going back to work, but many are also adopting flexible hybrid work models. This prospect creates new opportunities and challenges for both the employer and employee. Employers are grappling with balancing new real estate requirements and technology needs for long term secure remote access and collaboration tools.

While employees are dealing with the very real phenomena of an “always on” enterprise without normal working hours and personal interactions. These factors and more, including managing employee satisfaction and retention, point to a more flexible workforce post-pandemic, one that embraces the hybrid office.

According to a FlexJobs survey, 58% of respondents say they would look for a new job if they had to return to the office. Indeed, 65% indicated they want to work remotely full-time post-pandemic, and 33% said they prefer a hybrid work arrangement. Further, a solid 100% of formerly on-site workers said they’re now anxious about returning to the office, with 77% reporting they’re concerned about exposure to COVID-19. The numbers cannot be ignored—the hybrid workforce is the future of work.

What Does a Hybrid Workforce Look Like?

A hybrid workforce consists of remote workers, employees who work on-site, and those who work some days in the office and some days from home (hybrid office). This model provides many benefits, including employee flexibility and autonomy, as well as lower operational costs. However, the hybrid work model also poses some challenges, such as employee isolation and heightened cybersecurity risks.

Hybrid Workforce Security Challenges

The variety of cloud applications needed to run a business in a hybrid work environment creates new network edges. While organizations were able to quickly shift to accommodate the secure remote access needs of their workforce during the pandemic, most traditional security solutions could not keep up. It’s time to focus on fortifying the network so that it can be both highly agile and highly secure. At the same time, the future of work will bring even more Internet-of-Things (IoT) devices and applications to the network, creating even more network edges and further expanding the attack surface.

Rethinking Budgets

Moving to a long-term hybrid work model requires a reassessment of budget priorities. Funds that were once earmarked for a network upgrade, for example, might need to be reallocated for cloud adoption, collaboration software, and endpoint security. Going forward, we need to think about an architecture that supports flexible work models with protection across the LAN, WAN, data center and cloud edges.

Shifting Security Infrastructures

Because the hybrid work model creates a broader threat landscape, an organization’s security needs become more challenging and complex. More off-site workers mean a greater emphasis on Zero Trust, least-privilege principles to keep network access secure. Implementing Zero Trust requires solutions such as network access control (NAC), endpoint protection, and secure access service edge (SASE) working in concert with a broad, integrated, and automated security framework designed to span the network from the home office, branch office, campus and data center to multiple public clouds.

Threats from the Inside

Regardless of industry, one of the most significant cybersecurity vulnerabilities turns out to be the employees themselves. For example, remote employees often have frequent interactions with the IT department, with forms to download and procedures to complete. As a result, a well-crafted phishing attempt might easily go undetected.

The key to combating human error in the hybrid office is security awareness training. As more employees move to the hybrid work model, now is a good time for some basic cyber hygiene when configuring the new hybrid office.

At the same time, it is important to remember that home offices run on home networks, which are notoriously undersecured. Without adequate endpoint protections in place, threat actors can compromise vulnerable home systems, such as consumer-grade Wi-Fi or home entertainment systems, and then hop to the remote worker’s device. They then hijack VPN connections to deliver malware back to the core network. Tools like Zero Trust Network Access (ZTNA) and Endpoint Detection and Response (EDR) systems are critical for ensuring that home offices don’t become the weakest link in your security chain.

Tips for CISOs to Protect the Hybrid Workforce

As we embrace the future of work, it’s essential to evaluate the technology adopted during the initial rush to remote work to ensure compliance and proper data security measures are in place. It’s also a good idea to:

• Remind employees of cybersecurity hygiene best practices, both in the office and at home.

• Employ technologies like ZTNA, SD-WAN, SASE, and EDR to ensure employees working at home are as secure as those working in the office. Additional tools, like Network Access Control
(NAC), segmentation, and a zero-trust architecture can take those protections a step further.

• Back up employee data, store it off-network, and test it regularly to get ahead of potential cyberattacks, including ransomware.

• Establish and test incident response plans.

Final Thoughts

The post-pandemic workforce is still evolving and there’s much work to do. The hybrid office offers a balance between remote and on-site working that benefits employees and employers alike. It is the undisputed model of the future. As organizations redefine their network infrastructures and business models, CISOs should carefully review the tools and best practices needed to continue a seamless transition, enabling the hybrid workforce to securely embrace the future of work.