Security Policy Must Keep in Mind How People Work in the Hybrid Office

If the hybrid workplace is here to stay, then security policy must put people first—understanding how the human element plays are role in protecting data is essential, but so is making sure any security measures don’t get in the way of their productivity.

People can be part of the problem but also part of the solution—cultural changes that go hand and hand with security policy can positively influence employee behaviours to make your hybrid office more secure.

Humans make mistakes

Quite often, people put the organization at risk and violate security policy unintentionally. Privileged users can unknowingly let their credentials get compromised, which allows threat actors to access systems and sensitive data. Although it’s usually an accident, occasionally a disgruntled employee may compromise the organization intentionally.

Human beings also fall for phishing scams, both on their personal devices and corporate workstations; in the hybrid office, this device can be one and the same. Scams that employ socially engineered malicious messages that encompass tax-themed phishing, dodgy downloads, fake payment and delivery, and invoice phishing, have become even more common during the pandemic and will likely continue apace in the hybrid office.

Some people are just plain careless, despite security policy guidance, by letting credentials lapse or not using multifactor authentication. Cybersecurity technology isn’t effective on its own without keeping people in mind. Yes, they need to be held accountable, but you must also meet them where they are. The hybrid office means your employees are moving between their work and personal lives more fluidly, including the devices they’re working in—this must be reflected in your security policy.

Remote work is here to stay

Meeting people where they are means your security policy outlines how they can help to keep their organizations securie without getting in the way of their productivity. Your security policy should assume that the hybrid office is here to stay for the foreseeable future and understand the impact of continued remote work.

IT teams must be prepared to support remote workers, who are likely to have less traditional schedules as they embrace flexibility, and adopt collaboration tools to work across different departments, including human resources as they onboard new workers who will be working remotely, on-site or a combination of both. The hybrid office has also meant a shift to “hoteling” as employees come to work a few hours a day or a couple of days week without their own dedicated workspace.

Remote work always had implications on security policy, even before the pandemic, but there has been an increase in malware incidents, data breaches and other poor security behaviors as more people work from home. Despite this spike, it’s important keep security simple for employees and engage regularly with through awareness training so they can help protect their hybrid office from threat actors.

A clear and concise security policy allows employees to be productive no matter where they are working so that security is not a barrier to productivity.

Sanjeev Spolia is CEO of Supra ITS

There are many ways artificial intelligence (AI) and machine learning already impact cybersecurity. You can expect that trend to continue in 2024 – both as tools for data protection as well as a threat.

Balancing Cybersecurity Innovation Amid Evolving Threat Landscapes

Even as you implement AI and machine learning into your cybersecurity strategy through the adoption of tools like Security Orchestration, Automation, and Response (SOAR), Security Information and Event Management (SIEM) and Managed Detection and Response (MDR), so are threat actors. They will continue to update and evolve their own methodologies and tools to compromise their targets by applying AI and machine learning to how they use ransomware, malware and deepfakes.

With small and medium-sized businesses just much at risk as their large enterprise counterparts, SMBs must take advantage of AI and machine learning as mush possible. AI-directed attacks are expected to rise in 2024 in the form of deepfake technologies that make phishing and impersonation more effective, as well as evolving ransomware and malware.

Deepfake social engineering techniques

Deepfake technologies that leverage AI are especially worrisome, as they can create fake content that spurs employees and organizations to work against their best interests. Hackers can use deepfakes to create massive changes with serious financial consequences, including altering stock prices.

Deepfake social engineering techniques will only improve with the use of AI, increasing the likelihood of data breaches through unauthorized access to systems and more authentic looking phishing messages that are more personalized, and hence, more effective.

Countering Cyber Threats and Harnessing Innovation in 2024

If hackers are keen on leveraging AI and machine learning to defeat your cybersecurity, you must be ready to combat them in equal measure – just as AI and machine learning will create new challenges in 2024, they can also help you bolster your cybersecurity. While regulations are being developed to foster ethical use of AI, threat actors are not likely to follow them.

AI will also affect your cyber insurance as your providers will use it to assess your resilience against cyberattacks and adjust your premium payments accordingly. AI presents an opportunity for you to improve your cybersecurity to keep those insurance costs under control.

Conclusion

There’s a lot of doom being predicted around the growing use of AI and machine learning. And while it does pose a risk to your organization and its sensitive data, you can use it to bolster your cybersecurity even as threat actors leverage AI to up the ante. A managed service provider with a focus on security can help you use AI and machine learning to protect your organization as we head into 2024.

Listen to this Post

Subscribe

Keep up to date with our weekly digest of articles.

By clicking Subscribe, I agree to the use of my personal data in accordance with Supra ITS Privacy Policy. Supra ITS will not sell, trade, lease, or rent your personal data to third parties.

Let us know
how we can help

Need more information? Book a meeting with one of our experts today!