Eight resolutions for navigating the new hybrid office model


Continuous review and improvement are critical to a successful security program. The year is drawing to a close, and it is a good time to look back on 2021 and prepare some New Year's resolutions.

Adapting to the hybrid office model created by the pandemic has proven to be one of the greatest challenges. I anticipate securing remote workers, growing applications and services in the cloud, and improving security controls in the supply chain will remain major issues for CISOs in the future.

Here are eight resolutions to follow to make sure your business navigates the new hybrid office model safely.

1. Increase security awareness. The human factor is always the weakest link in cybersecurity. CISOs need to expand their communication skills and create new channels for communicating about information security. Messages need to go beyond phishing alerts to include topics such as laws and regulations that link security to the business. Data protection is a key issue.

2. Know who is connecting. Throughout the pandemic, the challenge of secure connectivity remained. The bottom line is that a secure VPN, single sign-on, and two-factor or multi-factor authentication are a must for validating users and admitting only authentic ones. Access and security logs need to be carefully analyzed to identify suspicious activity.

3. Secure VPNs and patch updates. VPNs made headlines at the beginning of the pandemic because many companies were reintroducing VPNs that had previously been disabled without patching them first. Hackers took advantage of the situation and looked for devices they could exploit. Routine patching must be part of the security model and have top priority when it comes to securing a company with home office employees.

4. Secure the cloud. The cloud and on-demand models have become hugely important in enabling users to access the applications they need to do their jobs from anywhere. While this move to the cloud has its productivity benefits, it also poses security challenges. It is important to remember that cloud environments are not automatically secure when they are first created. Securing them takes time and knowledge. To keep your business secure, security controls must encompass all environments and provide 360-degree application protection for both the application surface and the cloud application infrastructure.

5. Know your suppliers. The SolarWinds vulnerability highlighted the need for organizations to thoroughly evaluate the tools and services they incorporate into their operations. This includes carefully installing and configuring the product or service, tracking patches and new versions from the vendor, and monitoring for suspicious behavior. In a highly sensitive environment, some companies may choose not to use any third-party products or services.

6. Know the enemy. From nation-state attacks to climate hacktivists to disgruntled employees, security teams need to understand the techniques, tactics and procedures used by malicious actors. By getting to know their adversaries, security teams are better prepared to identify and eliminate threat actors who may be targeting their environment. Many security companies issue threat alerts that can be used to gather the latest information to support a security strategy. Continuous monitoring and analysis are required to identify and respond to these threats as quickly as possible.

7. Maintain visibility. Organizations need to ensure that they can maintain visibility and consistency of security controls across a range of platforms, infrastructures, and technologies. Having visibility and control over security and development dashboards is a must. These dashboards should provide actionable analytics, automation, and custom controls.

8. Balance the load. Organizations need sufficient capacity to balance and scale network loads to meet the needs of remote workers. After all, a secure network is of little use if it fails every time a large number of employees access it because it cannot cope with demand. Since employee productivity depends on applications being available and accessible, CISOs need to find appropriate solutions that ensure business continuity. Those with multiple data centers should use global load balancing to ensure availability across data centers and the cloud.

CISOs have a lot to do in the New Year. Fortunately, these eight resolutions can help ensure continuous improvements for safely navigating the new (out-of-office) reality.

