Here are three reminders that CISOs need to keep in view when their organizations embrace WFH and flexi-work arrangements.

While the advantages of work-from-home (WFH), flexible work arrangements and hybrids of various work-from-anywhere schemes are numerous, we must be mindful of the cybersecurity implications.

Implementing a hybrid workplace requires the use of a variety of cloud applications, which in turn, creates new network edges. With the eroding of established network perimeters, traditional security solutions may no longer keep pace with the mainstreaming of more 5G and IoT devices and applications that create even more network edges and further expand the attack surface.

So, how can organizations fortify the network to ensure that it can be both highly agile and highly secure to meet current needs and future work trends and employee experience expectations? Three steps are involved.

hybrid work arrangements
Jess Ng, Country Head (Singapore and Brunei), Fortinet

Mitigating WFH vulnerabilities

The following steps are a reminder of the need for organizations to boost cyber resilience and vigilance in pace with expanding attack surfaces and threats inside and outside of the corporate network:

    1. Reassess cyber investment priorities
      To move to a long-term hybrid work model, spending needs to be reviewed based on a list of priorities. For example, funds previously set to go to network upgrades may, instead, be needed for cloud adoption, collaboration software, and endpoint security: the point being that organizations must think about how they can put in place an IT architecture that supports flexible work models.
    2. Account for security infrastructure changes
      With hybrid work and work-from-anywhere arrangements come the need for Zero Trust solutions to keep network access secure. However, this requires solutions such as network access control (NAC), endpoint protection, and secure access service edge (SASE) to work in concert. There are no two ways about it: this can only be achieved through a broad, integrated, and automated security framework designed to span the network from the home office, branch office, campus, and data center to multiple public clouds.
    3. Managing insider threats
      Across industries, one of the most notable cyberattack vectors has turned out to be the organization’s own employees. Particularly common are phishing attempts that look to exploit interaction between IT departments and remote workers. The key to combatting human fallibility to such cyber threats in the hybrid work landscape is security awareness training. As more employees move to the hybrid work model, now is a good time for teach and reinforce some basic cyber hygiene to all employees when configuring the new hybrid office. At the same time, organizations must account for the fact that home networks tend to be less secure than corporate ones. Therefore, decision-makers should consider how tools like Zero Trust Network Access and Endpoint Detection and Response systems can be used to ensure that home offices are not the weakest link in the security chain.

A future defined by vigilance

In the face of rapidly evolving cyber threats, the digital transformation adopted (or enhanced) at the onset of the COVID-19 pandemic needs careful re-evaluation, especially with regard to compliance and proper data security. 

While the hybrid office offers a balance between remote- and on-site working that benefits both employees and employer alike — there remains much to be done to keep threat actors at bay.

As organizations redefine their network infrastructures and business models, CISOs should carefully review the tools and best practices needed to continue a seamless transition, enabling the hybrid workforce to securely embrace the future of work.