It has been two years since the world first went into lockdown because of the COVID-19 pandemic. As a result, millions of people worldwide have been working remotely for just as long. Even now, as many cities are opening up to resume basic activities, many organizations have chosen to offer their workforce more flexibility in how and where they work—be it due to employee preference or extended safety precautions.
However, this dramatic shift to remote and hybrid working models comes with pros and cons in both the physical and cyber security space. In this blog post, I will explore the opportunities and risks presented by these new models, as well as what security leaders need to consider to effectively protect a workforce that’s more dispersed than ever before.
Many organizations will maintain a traditional office footprint but will also capitalize on the benefits of having remote and/or hybrid work environments. However, that forces organizations to face an unprecedented challenge: how to protect a workforce that spans hundreds, if not thousands, of locations, when just before the pandemic their employees were based at designated office spaces?
Corporate security has traditionally focused on protecting its people and physical assets. As remote work proliferates and becomes increasingly institutionalized, policies and procedures to protect employees are evolving. Consequently, companies now have to reassess their security standards and practices.
This includes evaluating legitimate questions on the extension of duty of care obligations, and whether the processes of protecting a company’s workforce extend to wherever employees are working. Should businesses have to constantly monitor and inform employees of issues affecting their physical location during work hours? Why would this be any different from the normal situational awareness provided in a traditional office setting?
Security and business leaders should remember that this is not an entirely new phenomenon. Business travelers and executives are already provided with additional protection measures while on company trips.
Prior to the pandemic, many companies had been well along their digital transformation journey, which was then accelerated by the shift to remote work once lockdowns began. This transition has led businesses to adopt more agile approaches to leveraging applications and managing, storing and accessing their data. Most employees, with the exception of those who have to be present at their official work setting to perform their tasks, can work from almost anywhere—their kitchen, a coffee shop or a vacation home rental.
However, having the majority of a workforce being remote means businesses risk facing a spike in cybersecurity threats. There are greater concerns about how sensitive organizational data is accessed, stored and moved. The attack surface is no longer contained to a company’s office network—it is much wider, and the opportunity for compromise is now much more apparent.
Take ransomware, for example. This type of cyberattack has become more prevalent over the last few years, with increasingly significant scope and impact, and industry experts believe it is likely to occur even more frequently in the future. In the second quarter of 2021 alone, more than 700 organizations experienced a ransomware attack. One of the most notable attacks was the May 2021 cyber attack on JBS SA, the world's largest meat processing company. It forced the shutdown of all its U.S. beef plants, impacting almost a quarter of American supplies.
To stay ahead of and mitigate such cyber threats, security leaders have to first maintain the right level of visibility to discover where potential risk exists, based on how their organization’s data is stored, used and moved. Secondly, they need to determine how best to remediate risk exposure when it is first identified.
As the cybersecurity landscape will continue to grow more complex due to more sophisticated, targeted and widespread attacks, risk discovery will always be a foundational element. Security leaders should constantly keep the following questions top of mind:
Organizations should consider a streamlined approach to addressing the challenges of protecting a more dispersed workforce, such as a converged security model to reduce the silos between physical and cyber risk management.
It’s also an imperative that businesses have access to real-time, actionable information across both the cyber and physical security functions, as well as the operations teams. In addition, organizations should have solutions that support consistent and repeatable workflows for managing incidents and informing key stakeholders.
By implementing the right frameworks and tools that are updated to reflect the new work environment, you can keep your employees and company assets safe—both in the physical and cyber realms. Most importantly, your employees, whether they're working in a remote or hybrid model, should feel confident that their organization is taking proactive steps to protect them no matter where they are.
Learn how Dataminr Pulse can help organizations like yours protect their people and assets in today’s remote and hybrid work environments.
Homayun Yaqub is Head of Corporate Solutions Practice at Dataminr. Prior to Dataminr, he was Chief Strategist at Forcepoint and a security leader at JPMorgan Chase. He was also a founding member of The MASY Group, a global intelligence and risk consulting firm. Homayun began his career as a U.S. Army Officer and has held leadership and executive roles in the Department of Defense and U.S. Intelligence Community. He holds a master’s degree in conflict analysis and resolution from George Mason University, and a bachelor’s degree in international business from James Madison University.