Transitioning Back to the Office or a Home-Office Hybrid Working Environment
As companies plan for employees to return to the office or work in a hybrid home-office arrangement, it’s imperative that CIOs and CISOs address increased cyber threats and create or update security protocols, processes and employee engagement initiatives. Here is a rundown of the various areas to consider and work with your teams or vendors to ensure are central to your planning.
Assess for Vulnerabilities: Corporately and Individually
- The rapid deployment of a remote workforce undoubtedly created a lot of holes in computing asset inventories. IT teams must reestablish their asset inventory, including hardware, software, and data sources and repositories.
- Get a grasp of your expended use of cloud technologies. Employees have adopted workflows and workarounds that may now include services like Box, personal cloud services like iDrive, or personal OneDrive folders, as well as non-business class services like Apple MyCloud. It’s time to reign those in.
- In many situations, the ‘Home Office’ has become central. It’s critical that you recover some degree of separation to properly define or redefine risk boundaries.
Map Potential Weak Spots in a Hybrid Work Scenario
Your IT and Security departments face three potential work location scenarios that all affect your risk and transition plan:
- Employees will continue to work from home permanently.
- Employees will transition fully back to the office in the near future.
- Employees will be using a hybrid, or flexible arrangement, working from both home and office interchangeably.
- For employees who will be required to return to the office, planning, standards, and processes for these users will look different.
- Depending on your scenario — now and into the future — multiple IT transition strategies could be needed.
- We suggest using a standards-based risk assessment to ensure that your transition strategies are comprehensive. CSI Critical Controls can be a good, high-level guideline to make sure that any proposed strategy meets the critical elements of basic cyber hygiene.
Whatever transition plan you develop, education will be key before, during, and after each major transition.
- Update employees on new and adaptive threats.
- Outline new and return protocols.
- Create touchpoints throughout the transition to keep tabs on compliance as well as competency gaps where additional education is needed.
Corralling all the devices — work and personal used for work — might be the biggest hurdle.
- If endpoint protection was not utilized, prioritize deployment of an endpoint solution.
- The prevalence of cloud-based back office tools can accelerate transitions. They require a thinner desktop, and, because most (or all) of the data and workflow is in the cloud, your return-to-office strategy could be much easier. In these cases, a laptop can be reissued with little productivity impact.
Re-entry to the Office Network
It’s important to create or adapt your protocols and processes for a full return or hybrid scenario. Even if all staff continue with work from home, your policies and procedures will need some level of overhaul.
While many aspects of work life will return to traditional services and solutions, it may be advantageous to rework those services and solutions using the new methods adopted over the past year.
Plus, many organizations are choosing a defined ‘reentry’ process that might look similar to an onboarding or new employee process. While this can be expensive and labor intensive, it provides a greater level of rigor and certainly, giving you more confidence in your risk mitigation status.
Looking Back & Planning Ahead
The business disruption of the past months has been monumental. Those organizations with no contingency plans were forced to adopt new plans. Those with plans were forced to use and expand their plans. For some, it was an acceleration of trends and plans that had been on the horizon for years. Whichever camp you’re in, the optimal recovery path is not necessarily to go back to where you were, but to use the past year as a ‘disruptor.’ Use those learnings to motivate your teams to look at the traditional ways you do business and evolve practices beyond the inertia of the old ways.
Horace said, “Adversity has the effect of eliciting talents which, in prosperous circumstances, would have lain dormant.”
Let’s Look at Your Transition Plans
As you planning your next transition, let’s connect. Will you maintain a hybrid scenario permanently or is there some “new normal” that you should contingency plan around? How does your work location transition affect your future contingency planning and cyber risk position?