Getting Back to Work Safely

As Australia contemplates life after the pandemic, business leaders are also considering what the new world of work will look like. While many workers are looking forward to a permanent return to the office, some might opt for a hybrid working lifestyle.

Making this possible presents a number challenges, both in managing the new hybrid workforce, and ensuring it doesn't put corporate data and systems at risk. For many organisations that means tweaking the systems and processes they use to keep data and applications safe. For others, it represents a fundamental rethink of their cyber security arrangements.

The good news however is that while the future world of hybrid work is still unfolding, the techniques that can protect it are known and trusted.

Cybersecurity: People and The Organisation

The need to protect data and applications is critical regardless of where a person is working. Those defensive measures must be sufficiently robust to fend off attacks, but not so complex as to get in the way of a worker doing their work. Complex passwords might appear to offer strengthened security, but in a hybrid world, ensuring good password management is harder to enforce.

One solution is to impose a single sign-on method for both on- and off-premises access, using multi-factor authentication (MFA) technology such as Cisco Duo. One of the key benefits of this solution is that it can make use of a device that almost everyone carries – their mobile phone – as the authentication tool.

In an ideal world, a worker might gain access to their corporate network by using facial recognition to unlock their phone, with additional protection provided through the phone's location services, that ensures the worker really is where they say they are. This form of 'passwordless' authentication ensures there is no doubt as to who is logging on.

Cyber Risk: Data Management

Protecting data is critical, but it is hard to protect data that isn't properly managed.

Good data management starts with a process of discovery, to ensure that all data assets are identified and accounted for. That includes hunting down all data copies, regardless of whether they are in active use, archived in a storage array, or tucked away on a portable backup drive forgotten at the back of a supply closet. Any unaccounted data source places an organisation at risk, especially if it contains sensitive customer data.

Once all data has been found, decisions can be made about how it is treated. This means deciding how to store data in a way that is appropriately accessible and cost-effective, and that it is backed up appropriately.

Understanding the contents of each data source also creates a clearer picture of the level of its associated risk and the level of protection it should receive This includes making decisions about who can access data, and what procedures they will need to follow to gain access.

Taking a risk-based approach to data management ensures that data is appropriately protected at all times, regardless of where it is being accessed from.

Cyber Crime: Threat Hunting

One of the popular emerging techniques for securing data in a hybrid world is to adopt a proactive technique for cyber defence known as threat hunting. This technique is based on the idea that attacks are inevitable, and advocates actively hunting them and shutting them down before they can do significant damage.

Threat hunting is brought to life through Cisco SecureX, a cloud-native integrated security platform which is which is embedded tightly inside Cisco's Active Malware Protection for Endpoints solution and delivers an analyst-centric process for uncovering hidden advanced threats.

Building a threat hunting ability requires significant skill from qualified cyber security professionals. But when done well, it proves the adage that the best defence is a good offence.

In this hybrid working world, threat hunting can be a useful tool to ensure that any new data risks created by hybrid work methods are discovered and shut down before they become crises.

Safety in a remote working world

Whatever form the future hybrid workplace might take, safety and security will always be priorities, and leaders must ensure security measures are robust no matter where a worker is working from. But they must also ensure that security should never get in the way of what workers are trying to achieve.

This means that regardless of how it evolves, planning for the future hybrid workplace means balancing all considerations – both the safety and productivity of workers, and of the applications and data they are using. Because if the goal of hybrid work is to deliver a better working life for all workers, that shouldn't come at the expense of the organisations data and application security.