Or should the question be about why it must work if an organization is to be future-proof?

Since the start of the pandemic, organizations have had to implement remote-working in various forms, with many settling down to hybrid arrangements involving a mixture of Work-From-Home and work-from-office based on necessity and rostering.

What are finer points of hybrid-working that organizations need to take note of? What extra cybersecurity measures need to be put into place to protect the network? CybersecAsia asked Nishant Rathi, Founder and Chief Executive Officer of NeoSOFT Technologies, an IT consultancy, for some answers.

Nishant Rathi, Founder and Chief Executive Officer, NeoSOFT Technologies

CybersecAsia: Does hybrid-working result in better cost savings, more flexibility, and higher productivity?

Nishant Rathi (NR): In 2020, organizations witnessed the benefits of remote-working and hybrid working first-hand. The belief that employees need to be in the office to be productive has been proven to be a myth. Reality shows that people are in fact more productive when they work from home—the lack of commute, reduced distractions, and the flexibility of private workspaces are some contributing factors. We have even witnessed increased employee satisfaction after switching to hybrid.

Hybrid work models will continue becoming popular because of their ability to allow companies to drastically cut down on their carbon footprint. Hybrid workspaces also help in cutting down on maintenance costs, energy consumptions, and several overhead surcharges.

On the other hand, the obvious challenges that would need to be addressed are the technology inequalities that employees may face; the feeling of disconnect or isolation with the organization; and the obvious problem of increased cybersecurity risks. 

CybersecAsia: What kind of technological innovation and support is needed for enterprises to maintain a strong hybrid workforce?

NR: For successful hybrid-working, technology equity is the first step. This can be done by taking a look at the digital tools that made remote-working possible, and the setbacks that operations have faced, and then work from there.

The tools chosen should be portable, secure, and inclusive for both on-site and remote employees, especially in communications, conferencing, collaboration, project management, and time management.

As pandemic has proved, a vast majority of sectors are suited to adopt hybrid-working. In case of roles that require rigorous on-site presence such as in healthcare, media and entertainment, support staff, to name a few—even those personnel have opportunities to shift operations to remote.

For example, online consulting can be used to help doctors go hybrid; remote post-production and editing tools can help media professionals to do the same; and general remote/guided auditing, assessment, and troubleshooting tools can be adopted to let support personnel go hybrid.

CybersecAsia: How does one ensure the best security practices across the office and home networks in hybrid-working?

NR: The best way to ensure security is through tight vigilance and constant employee cyber-awareness training. This involves companies diligently updating their security policies and creating awareness among staff about protecting themselves, informing them of the remote resources at their disposal, and retraining whenever new resources become available.

Encouraging two-factor authentication and providing virtual private network access are good measures for safeguarding remote connections.

Consider limiting corporate data access to reduce exposure to threats. Ultimately, organizations should be proactive in assessing the effectiveness of their measures by getting the support team to audit employees’ devices and connections regularly and routinely performing penetration testing to stay on top. After all, in cybersecurity, preparedness and prevention go a long way.

CybersecAsia: Which cybersecurity protocols are essential while implementing a hybrid model?

NR: Hybrid workplaces are based on an extensive cloud infrastructure. As such, the protocols that are adopted also need to be cloud-centric. Zero Trust and multifactor authentication can be implemented to ensure stringent safety.

For the network, the security perimeter has become borderless, so expanding the company’s endpoint security strategy and setting the correct policies should be a priority.

Emerging strategies to do this include implementing AI/ML-based Endpoint Detection and Response (EDR) services and Security Operations Centre as a Service (SOCaaS)—also called Managed Detection and Response (MDR).

Finally, organizations need to remember that a business is not just about its equipment—it is all about people. Policy setters should remember to never underestimate the necessity of employee training; hybrid-working exposes them to a whole host of phishing threats that could end up infiltrating the office network.

CybersecAsia thanks Nishant for contributing his views.