Meeting The Security Challenges of Hybrid Working

Meeting The Security Challenges of Hybrid Working

remIn a 2021 report, How to solve a new equation in the future of work,  Accenture established that location agnostic, a productive and happy workforce directly delivers better bottom lines. According to this, 63% of all high-growth companies and 83% of employees preferred a hybrid working model.

Today, three years down the line and two years after the last pandemic restrictions were lifted, the scenario has changed understandably.

However, companies have realized that providing a healthy work-life balance, giving employees freedom from formal attire, and reducing travel time (a nightmare in most cities worldwide) adds to productivity. Employees have seen how to deliver better and deal with less stress- while working remotely or in a hybrid model.

Despite this, the number of actual hybrid working employees has fallen after the pandemic was over.  WFH Research indicates that in 2023, only 12.7% of full-time employees worked from home, and 28.2% worked in a hybrid model.

As far as corporate adoption goes, by 2023, Owl Lab’s 6th annual State of Remote Work Report stated that only 16% of companies accepted fully remote work.

Most workers are still working from the office, despite 62% saying they feel more productive when working remotely and 45% saying their work-related stress has increased somewhat or substantially in the past year.

But employees still feel that hybrid or remote work works-  in a TechReports study- 98% of workers expressed a desire to work remotely, at least part-time, as of 2023

With the Great resignation making it challenging to retain a skilled workforce, companies may need to consider this sentiment soon when committed to skilled resources. As Gen Z comes to the workforce, enforcing inconvenient rules may cost them their best talent.

But why are companies reluctant to continue with the hybrid or remote working model? What does the hybrid model or remote work cost the company in terms of security, data privacy, and accessibility? While collaboration tools can ensure zero loss of productivity or efficiency, the risks stay. They are particularly concerned about the security of personal mobile devices being used.

How Should Leadership Respond to These Risks? 

Motorola recently researched enterprise devices, “Global Employee Security and Productivity Study,” about the risks of personal devices when used for enterprise purposes.

It revealed only 26% of employees use a dedicated work smartphone provided by their employer. This would mean almost three-fourths of employees use their smartphones for work.

This is an area of concern for CIOs and CISOs. Here are their responses:

  • About half, 45% of the CISOs and CIOs   surveyed had stated security as the top priority for them when they considered mobile devices in their employee’s hands
  • More than 66% of the CISOs say their organization is unprepared for a targeted cyber-attack in the next 12 months.

Not all companies can afford to deploy a completely secure home office, and if hybrid working is strongly needed, what is the risk offset?

I spoke with a top security leader in enterprise, and here are some things I learned about ensuring a safe hybrid environment.

The first observation was a company’s security is only as strong as its weakest link. So, companies need to start looking at risk mitigation in terms of layers that build on each other.  Not only do they need good devices, but they also need to ensure that their employees are trained to use them effectively. They must also have tools, awareness, and policies to build these layers further.

Despite all the tools being used, there is a high-security risk for employees who work hybrid or remotely and use smart devices – company or personal.

That’s a significant top-of-mind issue for security leaders. What are they doing about it?

  1. They are enhancing their security infrastructure and taking a multi-pronged approach. Organizations need a budget dedicated to mobile security that allows for training, tools, and third-party defense systems. These would protect the company, their employees, and their customers.
  2. In addition, government regulations and customer and privacy requirements also ensure higher levels of security. CISOs also strengthen device requirements and install apps or tools to help them manage and secure them.
  3. CISOs today want to ensure that devices have security features like a safe, trusted execution environment for passwords and pins. This will ensure that these are essentially safe, secure devices. Many device vendors offer them, which is increasingly important, especially in security and privacy-conscious industries.
  4. They are prioritizing devices that provide regular security updates. So, if a device’s patching has not been done for over a certain number of days, some companies disconnect that device from the corporate environment. It is connected back only after it catches up on its patch levels.
  5. They also prefer devices that do not come with bloatware or unwanted third-party software. While this software does provide some personal benefits to consumers, because these are not necessarily vetted, there is always the risk of unknown vulnerabilities being included.
  1. In addition, companies are also adding tools that enforce policies and ensure that devices remain compliant with their security updates. They ensure advanced security and device management tools, such as a threat defense system like an antivirus on steroids.
  1. Companies are also mandating cybersecurity training for their employees. This ensures that employees know about potential threats and dangerous social engineering activities. In a hybrid or remote setting, employees need to be extra careful.
  2. They’re also taking a comprehensive multi-layered strategy to bring technology and modified acceptable human behavior to combat security risks.

Balancing Benefits with Risks, Productivity, and Security  

There are multiple benefits to a remote working policy.

Reports say a company can save up to USD 11000 per worker annually if it adopts the hybrid / remote working model. These include technology, hardware, real estate, and utilities costs. Enabling a hybrid work culture also reduces burnout and attrition. A healthy work-life balance ensures happy employees and higher productivity. In Gartner’s 2020 ReimagineHR Employee Survey of 5000 employees in organizations with a standard 40 hours per week office,  ‘only 36 percent of employees were high performers’. In contrast, for a flexible and hybrid work option, ‘where employees have a choice over where, when, and how much they work, 55% of employees were high performers.”

The benefits of hybrid working are high. Forbes has already stated that  HR specialists say, ‘burnout accounts for up to 50% of employee turnover’. When employees can choose flexible workplace options, it might solve burnout issues for 71% of the workers, according to a Gallup survey. This will lower turnover and attrition, reducing skill challenges.

All these employee benefits will impact productivity. That is what will drive growth in revenue for any company. In addition, workplace flexibility can also enable companies to attract remote talent, expanding their hiring options.

The best way for companies to find a balance between the risks and benefits of hybrid or remote work options is by using security and access control technologies. CISOs play a massive role here. They need a layered approach to protecting the employees and their data. Providing clean separation, policies, tools, and education answers these risks.

This starts with making sure the working tools are safe and secure. And then, of course, there are the layers of security, including training the employees and the entire workforce on security matters.

These are important for CISOs; many tools exist to achieve this balance. 

  1. A few tools companies are now rolling out are enterprise mobility management (EMM) and mobile device management MDM) solutions. These are deployed across multiple platforms with varying capabilities. They can ensure that when the employee turns the device on from day zero, these devices are configured to operate in a safe and secure sandbox.
  2. The second tool that a lot of CIOs are ensuring in their environment is what’s called comprehensive policy control. It allows administrators to manage and enforce policy app permissions and monitor settings across all these devices. Remote management is another important tool that allows administrators to solve any security or other problem on an employee’s device. This helps minimize downtime and maintain their environment’s safety and productivity. And then, of course, security updates and patch management tools are necessary to ensure that these devices are up to date with the latest patches.
  1. Finally, there are a lot of tools like the ability to remotely wipe a device or lock down a lost device, the ability to manage apps and even delete unauthorized apps remotely

They can secure the containment and data on these devices. This is critical to manage security risks.

In summary, CIOs and CSOs are using many tools these days to better manage and secure devices with access to company data.

Deploying these would be the first and the best steps remote or hybrid working companies can take toward protecting themselves and their environment.

Check Out The New TalkCMO Podcast. For more such updates follow us on TalkCMO News.