What a hybrid workforce needs is hybrid security
As organizations hope to implement a hybrid working model, having a hybrid security plan is also crucial. While organizations were initially hoping to have their employees back working in the office, the move has now been postponed due to increasing COVID-19 cases. In the US, the big tech companies have all delayed their return to office for the foreseeable future while the UK is seeing a smaller number of employees coming in, with most companies looking at a hybrid work model.
Reports showed that companies like Microsoft have indefinitely delayed the reopening of their headquarters, while Amazon will only look to return to office in January 2022. Facebook, Apple, and Google have also followed the same moves. While this is possible for tech companies, not all industries can afford to do the same.
The argument most employees have is that remote working is more productive than being in the office. And they do have a point as remote working has shown an increase in productivity as employees spend lesser time commuting to work and such.
For employers however, the biggest concern about remote working is security. While a hybrid work environment would require a hybrid security practice, enabling it may not be as simple as it seems, especially with employees continuing to be the weakest link and entry point responsible for most data breaches.
According to an HP Wolf Security report, IT teams have been forced into compromising security for business continuity at a time of rising threats. Making matters worse, their attempts to increase or update security measures for remote workers have often been rejected.
The survey combines data from a global YouGov online survey of 8,443 office workers who shifted to remote work during the pandemic and a global survey of 1,100 IT decision-makers, conducted by Toluna. It showed that 76% of IT teams admit security took a backseat to business continuity during the pandemic, while 91% felt pressure to compromise security for business continuity.
With the future workforce mostly being digital natives, the report showed that they are getting frustrated whenever security protocols impede their workflow, especially with authentication methods getting in the way of getting access to data for work. In fact, 48% of younger office workers surveyed viewed security tools as a hindrance, leading to nearly a third trying to bypass corporate security policies to get their work done.
Interestingly, over half of 18–24-year-olds surveyed were more worried about meeting deadlines than exposing their organization to a data breach. 39% were unsure what their security policies say, or are unaware if their company even has them — clearly suggesting a growing level of apathy among younger workers.
“The fact that workers are actively circumventing security should be a worry for any CISO as this is how breaches can be born,” comments Ian Pratt, Global Head of Security for Personal Systems, HP Inc. “If security is too cumbersome and weighs people down, then people will find a way around it.
“Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design, and user-intuitive. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up,” he added.
Hybrid security a priority
At the same time, 80% of IT teams said IT security was becoming a “thankless task” because nobody listens to them despite the efforts made to curb user behavior in keeping data safe. When IT security teams restrict access, it creates friction for users, who resent the controls and push back on IT, leaving security teams in turn feeling dejected and rejected.
For Joanna Burkey, Chief Information Security Officer (CISO), HP Inc, “To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity. From here, security needs to be re-evaluated based on the needs of both the business and the hybrid worker.”
With that said, it’s not surprising why organizations are eager to have their employees work back in their offices. As employees continue to take cybersecurity lightly, the chances of them being a victim increases. Statistics have already shown how breaches have increased due to remote work.
The hybrid work model may be the best option at hand for now. But even so, it’s still going to be challenging for security teams as a hybrid security strategy is not as easy as it seems. While on paper it looks like just implementing control and visibility over access both in and out of the office, the reality is that having employees adapt to this model will be challenging.
For example, can organizations risk having their employees using their own devices for work with a hybrid working model or should they be provided by company devices? And can organizations keep changing access to data whenever employees are in office and out of office? While automated processes may allow it, the process is still teething for employees.
At the end of the day, employees need to understand the importance of having a good security practice. Be it a hybrid security practice or fully remote, one simply cannot afford to take security issues as a hindrance to their work.