How do we bring employees safely back to the office after months of being a remote workforce? What will the new office work environment need to look like to ensure employees feel safe? These are two of many questions that businesses are struggling to answer as they begin the process of considering when employees can return to work. We are hearing a lot of organizations are considering moving to a hybrid work environment where employees can work a couple of days in the office and a couple of days at home. This hybrid model is going to introduce a lot of change. As many IT professionals know, change opens up the opportunity for risks. As employers adopt this new change to a hybrid work environment, there are some critical security considerations your customers need to explore.
- Cloud security: Leveraging cloud with remote workers is smart for multiple reasons, including automatic backups of work and better collaboration. It offers companies the ability to put in controls around documents. If companies do not put those controls around their cloud, there is an opportunity for someone editing the document to introduce malware to it. Anyone else who opens up the file would be affected. Your customers quickly implemented these cloud solutions to support remote users. But it is worth seeing if your customers are taking advantage of all the features included in their cloud subscriptions, and that the features are configured appropriately and securely. Just plugging something in, turning it on and including it in the infrastructure does not mean it is secure.
- Managing complexity: Partners are going to have to help customers articulate to leadership why it’s crucial to make up-front investments in security and why it’s important to have a future architecture that has security baked into it to avoid wasting time trying to comb through these complex environments. In many cloud instances, security is at a bare minimum. For instance, one of our partners worked with a customer that conducted its typical yearly disaster recovery plan test. The employees tasked to complete the test found that many systems they planned to support were no longer on-premise; the systems were on the cloud and the employees didn’t know how to do those disaster recovery tests. They went to the business unit that had purchased the cloud services and were told they didn’t have to worry about it—that it’s in the cloud. If you get bad data in the cloud, it’s going to go around to the cloud data centers quickly, which doesn’t help in a DR scenario. Take a security-first approach to avoid the headaches that come with retroactively trying to figure out how to make these multi-cloud environments meet compliance and scrambling to find the additional expenses needed to protect the network.
- Redirecting funds: Customers are now asking to pivot their security spend. Before they might have aimed for a network refresh at the office, but now they want to implement methods to secure their remote employees. If they think they no longer need as much office space, they don’t need that much infrastructure but could potentially turn that funding to other security solutions. If 75% of your workforce is working remotely, it will be more important to buy them endpoint security. But you’ll still need to secure your traditional perimeter. We recommend measuring your risk through our remote home secure program to assess the actual risks that these different groups of employees possess. Based on the assessment data, customers can become more efficient with their security spend. If we can paint the new hybrid scenario risks for leadership, then the customer will be more successful in redirecting those operational funds to other cybersecurity solutions.
- Retraining employees: Customers are going to have to focus on armoring up employees who are going to be everywhere. That’s preceded by updating policies and strategies documentation. If you’re an organization that wants to evolve into a hybrid work environment, it’s incumbent upon you to get on top of documenting new policies and procedures to reflect the new reality. Companies are also at risk of violating compliance if their documentation does not match their new reality. Regulators will impose hefty fines on organizations without documentation. After that documentation is updated, there’s an excellent opportunity to proceed into a training mode to resynchronize everybody, because effective organizations know what they do and know who does what and can execute it to secure the organization.
Help guide your customers in securing their new, altered office environment. Tech Data’s team of cybersecurity experts is here to help secure your hybrid work environment. We recently launched our Remote Home Secure Program. This new offering focuses on evaluating a company’s security policies, technologies and security practices for securing their remote workforce. We can also help improve the skills of your customers’ employees to identify and mitigate risks from home through the Tech Data Cyber Range. Contact us at [email protected], or visit https://cyberrange.techdata.com to learn how we can help your customers assess key security risk areas and provide high-level recommendations to address identified risk gaps in their work environments.
This guest blog is part of a Channel Futures sponsorship.
