Australian and New Zealand organisations have fully embraced the hybrid working arrangements that emerged following pandemic restrictions and lockdowns. Employees tend to prefer to work remotely at least part of the time and employers have found that productivity doesn’t suffer when employees work from home. However, while societal and managerial concerns regarding hybrid and remote working may have subsided, cybersecurity issues remain. Organisations need to evolve their cybersecurity approach to match the changes that are occurring in their workforce, according to Wavelink, a Fortinet distributor.

Ilan Rubin, CEO, Wavelink, said, “When the pandemic first hit, it was assumed that there would be a return to normal at some point. The world is now accepting that it’s more likely that organisations will need to find a way to work alongside COVID-19, which will probably involve a hybrid approach to work. This will see some employees work on-site, some work remotely, and others split their time between the office and the home office. The hybrid workforce will be a permanent feature of the Australian and New Zealand business landscape moving forward so organisations need to understand how to secure their networks and their employees in this new environment.”

There are three ways businesses must look to fortify their network:

1. Reassess budget priorities

Where previously organisations may have planned to spend on network upgrades or on-premises infrastructure, they may now need to redirect those funds towards elements that support the hybrid environment. This can include cloud adoption, endpoint security, or collaboration software, for example. It’s important to develop an architecture that protects users across the local area network (LAN), wide area network (WAN), data centre, and cloud edges.

2. Re-examine security infrastructure

Hybrid working creates a broader threat landscape with more endpoints outside the corporate firewall, as well as more potential entry points for cybercriminals. This means organisations who haven’t already done so must consider introducing a zero trust security approach, where no user is trusted and all users are given the least amount of privilege possible. Doing this effectively requires an automated security framework that covers every corner of the network from the office and data centre to the branch office and home office. Solutions should include network access control (NAC), endpoint protection, and secure access service edge (SASE).

3. Beware of insider threats

People are the weakest link when it comes to cybersecurity due to errors and the potential for malicious actions. Phishing attacks have become more widespread with some research suggesting that 90 per cent of cyberattacks start with a phishing email. (1) As employees communicate more often via email, clever phishing attempts can easily go undetected. Therefore, it’s essential to train the workforce to spot phishing attempts and reinforce the need to double-check with the purported sender of an email before following any instructions in that email or clicking any links.

Ilan Rubin said, “A hybrid workforce means more employees will be working from home networks instead of the traditionally better-secured corporate network. Home networks can be filled with gaps due to connected smart devices that the employee doesn’t even realise are endpoints that could provide cybercriminals with access to the network. Organisations need to minimise this risk by deploying endpoint protection and maintain that zero trust network access approach.

“Understandably, a lot of organisations rushed to provision employees to work remotely when the pandemic hit. Now is the time to re-examine the security measures that are in place and plug any gaps. This means training employees to spot phishing attacks and taking the right security precautions at all times. Organisations should also make sure they have the right tools in place to protect the distributed network along with back-up data and disaster recovery plans. With all of these elements in place, organisations can protect their hybrid workforces now and into the future.”

Reference:
(1) https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html