COVID-19 has completely shifted the way that companies operate. According to Stephen Gorham, CIO and Global Head of Operations at critical infrastructure protection (CIP) and cybersecurity solutions provider OPSWAT, “the pandemic forced organizations to accelerate their remote and digital transformation initiatives by an unprecedented velocity, expanding their remote and hybrid workforce to meet business needs”.
And while the shift to hybrid work may have started off as temporary, many companies are embracing hybrid work environments for the long-haul—and, as such, are having to reevaluate the best ways to keep their networks, data, and teams secure. “As the pandemic continues to evolve around hybrid workforce strategies, organizations are balancing this shift by investing in security and accessibility of systems and data,” says Gorham.
Also read: What the COVID crisis has changed for CIOs
But as hybrid work becomes the norm for companies, what, exactly, do CIOs need to keep front of mind? Stephen Gorham reveals four security commandments for the CIO in the era of hybrid work:
Cybersecurity is the top priority
If you’re a CIO in the era of hybrid work, one of the security commandments that needs to be at the top of your priority list? Cybersecurity. CIOs need to “prioritize the implementation of cybersecurity processes and controls,” says Gorham.
Also read: [Expert Opinion] Cybersecurity Challenges for SMEs in 2021
In order to keep your networks, data, and teams secure, as CIO, you should take a multifaceted approach to cybersecurity processes and controls, including:
- Access Controls. “Elevate a focus on secure access controls, particularly when both employees and customers are working remotely or using public networks to access privileged data,” says Gorham.
- Prevention Controls. “Implement data egress controls to mitigate data loss,” says Gorham.
- Detection Controls. “Deploy appropriate…[and] proven to be effective threat detection resources to quickly identify and facilitate responses quickly—including blocking, quarantining, and remediating threats,” says Gorham.
By approaching cybersecurity from all angles, you decrease the likelihood of dealing with any major cybersecurity issues—and, in the event that an issue does arise, you have the right processes and controls in place to deal with it.
Embrace identity and access management
In a hybrid work environment, by definition, you’ll have employees accessing your system from a variety of locations (whether that’s your corporate office, their home office, or an additional remote location, like a coworking space) and from a variety of devices.
And with so much variability in who is accessing your network, data, and applications, verifying that those people are authorized for access has never been more important—which is why investing in identity and access management is one of the must-do security commandments for CIOs in the era of hybrid work.
Also read: CIOs: what IT investments should you prioritize in 2021?
“Invest in solutions and practices that secure remote access for critical applications and network resources by applying zero-trust principles,” says Gorham. “Verify users, devices, access levels, and requested resources before granting any access.”
In addition to investing in identity and access management tools, CIOs should also continually evaluate how these tools are working, any risks that are present in their current processes, and what to do if there is a remote access breach. “These investments should include documentation of new digital business processes, inventory of new infrastructure assets, evaluation of new digital risks, assessment of the effectiveness of existing security controls, an action plan to address security and compliance gaps,” says Gorham.
Secure company communications
Sensitive information is exchanged over company email and communication platforms. But these platforms can also be ripe with security threats, putting that sensitive information at risk—particularly when employees are sending emails and other communications from unsecured remote networks.
That’s why investing in keeping company communications secure should be high on the list of priorities for CIOs in the era of hybrid work. “Invest in solutions and practices that secure communications necessary for business operations,” says Gorham. “These should include multi-scanning technologies to detect threats, sanitizing technologies to remove malware, analysis technologies that leverage artificial intelligence to assess vulnerability to file risks, automation and orchestration solutions to aid in response, and endpoint compliance solutions.”
Train your team
As CIO, you can (and should) take every step possible to keep your company safe. But if you don’t teach your employees how to do the same, your efforts won’t be as effective as you want and need them to be.
That’s why investing in employee training on how to protect themselves, their devices, and sensitive company information while working in a hybrid work environment is a non-negotiable.
“CIOs should be investing in additional training for their teams to ensure they know how to keep themselves, their devices, and their data secure,” says Gorham.
“The rapid transition to first remote and now a more permanent hybrid workforce may have resulted in unintended consequences such as an increased attack surface, unaddressed security gaps, or poorly implemented security controls,” Gorham continues. “To help combat this increased risk. It’s imperative to educate employees and contractors about the dangers lurking on the internet, the meaning of a hybrid workspace, and how to spot and report risky emails and other communications from cybercriminals looking to exploit these security gaps.”
Also read: Hybrid Work: What Are The New Challenges For The CIO?
As CIO, develop robust training programs for employees on how to safely navigate the hybrid work environment—and, when appropriate, bring in external training resources to get your team up to speed. It may be an investment, in both time and resources—but it’s an investment that will more than pay off when your training efforts result in fewer security issues.
As so many workplaces shift permanently to a hybrid work environment, CIOs are having to develop new IT strategies to keep their companies safe. And now that you know the top security commandments for CIOs in the era of hybrid work, you have a jumping off point to start developing your own strategies—and increasing security across your company, no matter where your employees may be working.
Are you looking to know more about CIOs’ security challenges in the era of hybrid work? Read our white paper to find out:
Author: Deanna deBara