Security Best Practices for Hybrid Work Environments

Written by

As the number of vaccinated people continues to increase and businesses across the globe start to reopen, companies are beginning to take a closer look at the hybrid (remote and in-person) work model that many have started to adopt as the crisis continues to ease. From the employees’ perspective, they gained work flexibility, while employers realized that their teams could be just as, if not more, productive working remotely. While these changes are constructive for a company’s culture and workforce engagement, hybrid working is a key consideration for IT teams. 

At the start of the pandemic, offices rapidly closed their doors, and IT leaders grappled with setting up home offices and digitally transforming their organizations. In the meantime, with employees now working away from the built-in protection of in-office networks, the remote workforce quickly became a target for cyber-criminals. As the world enters its next work culture shift, IT teams need to incorporate the following measures to successfully adapt existing security practices to accommodate the future of a hybrid work environment.

Increase Visibility

As the hybrid work model continues to gain traction, it’s essential that IT teams maximize visibility to manage devices, identities and operating behaviors effectively. The rapid shift to remote work on a global scale eroded the traditional enterprise security perimeter. In turn, IT and security teams that had not already invested in sound asset management, endpoint security and identity management were forced to move those disciplines to the top of the priority list. COVID-19 reinforced that there is no substitute for delivering a corporate tech stack and IT service desk optimized for the needs of a mobile workforce. These requirements will only become more important as the world embarks on a hybrid work environment. 

Adopt Zero Trust 

Whether employees are logging on to work remotely or socially distanced in an office, 

IT leaders should assume that workers are connecting from unsecured networks and design services and security standards and processes around that assumption. In the new normal of hybrid work, having no control over the network from which employees are connecting to business services will become the standard. That requires strong validation to ensure that whoever appears to be accessing the company’s services is who they say they are. Critical to the success of network security, it’s vital to train employees on remote endpoint management tools. At a minimum, IT departments need to deploy mandatory annual employee security awareness training to help establish effective security practices.  

Employ Multi-Factor Authentication

The 18 months have likely taught many organizations that identity management and multi-factor authentication (MFA) are no longer optional but compulsory. As a measure to validate operator identities, passwordless authentication mechanisms are gaining traction. Providing endpoint protection in a hybrid work environment requires IT teams to employ MFA to ensure sensitive information remains proprietary as workers log on from less secure networks. In addition, it’s increasingly important for IT teams to be alerted to and immediately respond to abnormal activities originating from a corporate asset. Otherwise, adversaries can go undetected for extended periods, expose vulnerabilities and move laterally to high-value targets in the IT environment, greatly increasing the risk of data loss, theft or fraud. 

Share the Responsibility of Security 

Effective security involves the deployment of tools, controls and policies, as well as shared ownership and awareness across the organization. This is especially true in a hybrid work environment. It was never enough, and now even more so, for only a few people within an organization to monitor cybersecurity threats. All IT professionals within the company need to work in unison to ensure robust security practices are in place at all levels of the organization. To effectively prioritize security practices, businesses should establish a security council of cross-functional leaders responsible for reviewing and discussing security posture, events, and updates on a quarterly basis. In addition, IT teams should establish and regularly test a clear incident response policy and plan to prepare for any incidents that may occur. 

Business leaders agree it is highly likely that the hybrid workforce will become the norm for many organizations. The shift in where and how employees work was confirmed in a Gartner survey, which revealed that 82% of company leaders plan to allow employees to work remotely some of the time. With that in mind, it’s vital that IT professionals immediately prepare for this upcoming shift. While the world may be returning to some sense of normalcy, the global workplace is forever changed, making it imperative that IT teams get ahead of hybrid work to optimize security success now and in the near future. 

If you liked this article, be sure to check out this upcoming Online Summit session:

What’s hot on Infosecurity Magazine?