As the effects of the COVID-19 pandemic begin to ebb in the United States, the hybrid workforce is fast becoming the primary operating model for many organizations. As a result, establishing a secure hybrid workforce has become top priority. Let’s look at five steps you should take to make sure your network is protected as workers come back into the office.
1. Assess the stopgap solutions for compliance and security
Many CISOs took dramatic measures when employees suddenly became remote. Some decisions were likely based on expediency, and more than a year later, tools deployed as a result of those decisions may have even scaled out and assumed a permanent berth. Today, those platforms — among them messaging, conferencing, collaboration, remote patching and data warehousing — need to now be evaluated against compliance, data privacy and the security principles of confidentiality, integrity and availability.
2. Keep security awareness in sight at all times
When employees were predominantly based in the office, they could constantly be reminded about the importance of security through placards, notices and other forms of communication posted around the workplace. To ensure a secure hybrid workforce, these reminders need to be transmitted, virtually, to employees’ homes. For example, companies could use gamification to reinforce security awareness training.
3. Expand the risk perimeter
With many employees choosing to work from home permanently or to be in the office only occasionally, the employee’s home must be part of the organization’s risk perimeter. Expanding a zero-trust policy to home devices — for example, smart speakers, cameras, connected fitness equipment and TVs — is essential. Consider pop-up green screens to prevent outsiders from viewing an employee’s home in the event a staff member is presenting at a virtual conference. Help employees segregate their networks so home devices are in a separate subnet from their work laptops. Be sure to treat the employee’s home as an extension of the enterprise network.
4. Establish uniform policies for home and work employees
With a hybrid workforce, the physical security perimeter no longer exists. An on-premises employee using the corporate network has to be treated with the same zero-trust mentality as the staffer working from an Airbnb location. This means the VPN, if deployed, should always be used, regardless of location. Multifactor authentication is also a must. Constantly monitor device characteristics and end-user consumption patterns to establish a uniform policy governing alerts and responses.
5. Back up, back up again and test
Ensure data generated by remote and on-premises employees is backed up and tested constantly. This includes data residing on employees’ laptops, as well as data stored in the cloud. As the volume of ransomware attacks continues to increase, guaranteeing business continuity is critical. If your business has the financial means to do so, store primary and backup data on different clouds.