Charting the course for cyber safety amidst hybrid modes of work

If there’s one thing the past months have shown, it is that organisations in Singapore and the Asia Pacific (APAC) region have demonstrated incredible resilience and adaptability in times of crisis. This is clearly evidenced by the many that have shifted entire businesses to remote working – almost overnight – to keep their employees safe.

Recent times have also shown that ‘business-as-usual’ can take place in unusual workplace arrangements. Modern workers have been nimble and flexible, displaying the ability to work productively from just about anywhere, be it from the office or at home.

As employees and employers alike become acclimatised to the home ‘office’ and more flexible modes of work, it has become clear that the way we work will evolve. That said, while the shift to a hybrid workforce carries many benefits, it is not without risk.

Addressing the growing cyber threat

According to the 2020 Thales Asia Pacific Data Threat Report, APAC businesses are now placed in a more cyber-vulnerable environment, with nearly half (45%) of 500 executives surveyed in APAC admitting to suffering a breach or failing a compliance audit in 2019. The report also found that two-thirds (66%) are seeing themselves as vulnerable to internal data security threats.

Amid the scramble to keep operations going and facilitate rapid remote digitisation, many workers adopted new behaviours that inadvertently placed themselves and the companies they work for in a cyber-vulnerable position. Some of these may sound familiar to many of us: from signing up for multiple free tools and collaborative online applications, to securing sensitive work devices to vulnerable home networks. In June 2020, the Cybersecurity Agency of Singapore reported that people are demonstrating greater willingness to compromise on security to get tasks done, such as using unsecured networks to share classified files or to discuss classified work with colleagues.

With that said, decision-makers are looking to put change into motion. In a recent study, where Telstra commissioned GlobalData to interview 120 business leaders across three continents on their organisation’s response to the pandemic, we found that 80% of respondents plan to introduce or expand existing online unified communications and collaboration tools. When it came to the focus of these plans, the report found that improving ICT and security resilience ranked in the top three key business priorities for respondents.

In this regard, secure collaboration will be critical for employees to not only work and connect securely, but also to communicate virtually and unlock greater collaboration across borders. With the growing relevance and use of cloud in enterprises, decision-makers must also consider digital tooling to assist with security, monitoring and compliance.

Five steps to cyber-secure a hybrid workforce

An important thing to note is that cyber security is everyone’s responsibility. Businesses will require a comprehensive and long-term response to ensure remote working security.

To help visualise this, we asked Forrester Consulting to look into the challenges of cyber security and remote working. We also wanted to uncover how businesses can secure their new-look workforce.

In summary, our report found five immediate priorities businesses can explore to secure their hybrid workforce.

  • Streamline security investments
  • Train employees to be cyber safe at work and on the move
  • Keep VPNs running and as secure as possible in the short-term
  • Invest in Zero Trust network access to replace aging VPNs in the long-term
  • Build a reliable security foundation for personal devices

With transformation and cost-efficiency being top concerns for businesses in this era, streamlining security investments can help organisations achieve both. For example, businesses can opt to concentrate spending with partners that offer the most strategic value. Trimming down a vendor list forces us to think about which vendors provide the solutions that are critical to future growth, and also builds deeper relationships.

While employees can pose a great risk to companies when it comes to cyber-security, this can be mitigated through proper education and training. Of course, training should not just be a one-off, but an ongoing process. Just look at how quickly and effectively cyber criminals were able to exploit vulnerabilities and complacency brought about by the pandemic, with banking-related phishing scams spiking by more than 2,500 per cent in the first half of 2020 in Singapore. Cultivating a mindset for constant vigilance in cyber safety is therefore key. By running regular phishing simulations, team members grow more and more aware of what to look out for. Anti-phishing best practices include a strategic mix of technical controls, employee education, and incident response.

Besides this, the Telstra Security Report 2019 recommends that in the immediate term, businesses keep their VPNs running and as secure as possible. Looking beyond that, Zero Trust network access are a long-term solution that can potentially replace traditional VPNs. These reduce the network threat surface and have features that are more secure than VPNs, such as least-privilege.

Finally, establish a strong security foundation for personal devices. This includes not allowing unmanaged devices on business networks, enhancing security posture with multifactor authentication, and revisiting security threats in the business continuity plan.

The way forward

In the current environment, businesses are facing unprecedented challenges. With employees forming the backbone of any good company, businesses looking to pave the way forward will want to focus on allowing their hybrid workforce to prosper. To that end, it is important to empower teams with scalable solutions that focus not only on enhancing productivity, but also those that help them stay secure and cyber safe no matter where they work.  

Most importantly, we should always keep in mind: when it comes to cyber safety, everyone plays a part.