By Paul Balkwell, Vice President – International Sales, Zix

The past year or so has seen one of the most radical shifts in working behaviour in decades. Never before have so many companies been forced to have so many staff working remotely. And even as some companies signal that they want a return to full-time office life, it’s unlikely that things will go back to the way they were before any time soon, if ever. In fact, research has shown that most UK workers want to keep working from home at least some of the time once the pandemic is over.

As a result, companies are having to overhaul their workplace management strategies. Much of the focus in this regard has been on finding ways to maintain company culture and to keep employees motivated and loyal as they battle Zoom fatigue. Less well regarded, but perhaps even more important, is security.

The stop-gap measures organisations put in place when they first sent employees home in 2020 were never intended for a world in which remote and hybrid work models are the norm. As such, they need to acknowledge the new reality and embrace new security processes and methodologies.

Cybercriminals take the gap

Just how big a role security should play in workplace management was made evident in the early days of the COVID-19 pandemic. The weeks following March 2020 saw a 667% increase in phishing attacks.

While most of those attacks were email-based and taking advantage of a unique circumstance in which people were receiving an overwhelming amount of communications and had let their guard down due to the stresses of the pandemic.

The fact remains, however, that cybercriminals weren’t only taking advantage of this situation but also the fact that people were working from less secure home networks. It’s also a certainty that cybercriminals will take advantage of any further shocks and disruptions to the working world.

Organisations need to understand this and ensure that their employees are appropriately protected against threats and equipped with the skills needed to respond to them.

Education

The first step in doing so is to have a comprehensive education plan in place. Whether an organisation is operating from a central office or deploying entirely remote teams, education arguably remains its most important defensive weapon against cybercrime.

With cybercriminals increasingly capable of spoofing both internal and external communications, it’s imperative that organizations remind employees of what they’ll never ask them to do via email.  Additionally, organizations should emphasize that employees be doubly cautious of any email that asks them to click a link, open an attachment, or verify their details.

It’s also important that organisations make it clear how and where to report suspicious emails. The faster an organization’s security team is alerted, the more quickly it can respond and intervene to warn employees and shut down spoofed websites.

Any communication in this regard needs to be consistent, regardless of which department it comes from. It also needs to be measured and authoritative so that employees don’t feel panicked.

Empowerment

In addition to education, there are a few steps that organisations can take to ensure that their employees are as protected as possible.

These include, but are not limited to:

• Issuing each employee a portable computer and a VPN token with Multi-Factor Authentication
• Making sure all machines are encrypted, contain end-point security, and have everything in place for regular patching
• Making sure all machines are equipped with email security and encryption, to protect against spam, ransomware, malware, spearfishing, etc,
• Ensure business critical data is backed up in the cloud and can be easily recovered post-breach
• Providing security awareness training for all employees as well as education from LinkedIn Learning on working securely as well as working remotely,
• Open communication through cloud-based productivity suites, video conferencing, open chat channels to enable the team to collaborate and communicate.

The organisation can further help, by assisting employees to secure their home networks and regularly communicating security advice including only allowing people they trust onto their network and not allowing children and other family members onto work devices.

Ongoing communication is key

Ultimately, incorporating remote and hybrid work into the organisation’s security workplace management strategies shouldn’t be a once-off effort. New threats are emerging all the time and while a good security partner can help in your organisation’s protection and reaction efforts, employees still need to be aware that they are the first and best line of defence. Organisations therefore need to engage in ongoing communication and education efforts with employees.

We are still in the very early stages of a new working paradigm and workplace management policies will have to adapt along with the rest of us. It’s crucial that security adapts just as fast, if not faster.