Transitioning Back to the Office or a Home-Office Hybrid Working Environment

As companies plan for employees to return to the office or work in a hybrid home-office arrangement, it’s imperative that CIOs and CISOs address increased cyber threats and create or update security protocols, processes and employee engagement initiatives. Here is a rundown of the various areas to consider and work with your teams or vendors to ensure are central to your planning.

RTW-Assess for Vulnerabilities

Assess for Vulnerabilities: Corporately and Individually

  • The rapid deployment of a remote workforce undoubtedly created a lot of holes in computing asset inventories.  IT teams must reestablish their asset inventory, including hardware, software, and data sources and repositories.
  • Get a grasp of your expended use of cloud technologies. Employees have adopted workflows and workarounds that may now include services like Box, personal cloud services like iDrive, or personal OneDrive folders, as well as non-business class services like Apple MyCloud. It’s time to reign those in.
  • In many situations, the ‘Home Office’ has become central. It’s critical that you recover some degree of separation to properly define or redefine risk boundaries.
RTW - Breach Successful

Map Potential Weak Spots in a Hybrid Work Scenario

Your IT and Security departments face three potential work location scenarios that all affect your risk and transition plan:

  1. Employees will continue to work from home permanently.
  2. Employees will transition fully back to the office in the near future.
  3. Employees will be using a hybrid, or flexible arrangement, working from both home and office interchangeably.
  • For employees who will be required to return to the office, planning, standards, and processes for these users will look different.
  • Depending on your scenario — now and into the future — multiple IT transition strategies could be needed.
  • We suggest using a standards-based risk assessment to ensure that your transition strategies are comprehensive.  CSI Critical Controls can be a good, high-level guideline to make sure that any proposed strategy meets the critical elements of basic cyber hygiene.
Stages of Cyber Attack

Five Stages of a Cyber Attack

To defeat hackers, you must understand how they strategize and execute cyber crime. We outline the five phases of a cyber attack.

Read Insight

RTW - Educate Employees

Educate Employees

Whatever transition plan you develop, education will be key before, during, and after each major transition.

  • Update employees on new and adaptive threats.
  • Outline new and return protocols.
  • Create touchpoints throughout the transition to keep tabs on compliance as well as competency gaps where additional education is needed.
RTW Endpoint Protection

Endpoint Protection

Corralling all the devices — work and personal used for work — might be the biggest hurdle.

  • If endpoint protection was not utilized, prioritize deployment of an endpoint solution.
  • The prevalence of cloud-based back office tools can accelerate transitions. They require a thinner desktop, and, because most (or all) of the data and workflow is in the cloud, your return-to-office strategy could be much easier.  In these cases, a laptop can be reissued with little productivity impact.
RTW - Re-entry Workplace

Re-entry to the Office Network

It’s important to create or adapt your protocols and processes for a full return or hybrid scenario. Even if all staff continue with work from home, your policies and procedures will need some level of overhaul.

While many aspects of work life will return to traditional services and solutions, it may be advantageous to rework those services and solutions using the new methods adopted over the past year.

Plus, many organizations are choosing a defined ‘reentry’ process that might look similar to an onboarding or new employee process.  While this can be expensive and labor intensive, it provides a greater level of rigor and certainly, giving you more confidence in your risk mitigation status.

RTW - Planning Ahead

Looking Back & Planning Ahead

The business disruption of the past months has been monumental. Those organizations with no contingency plans were forced to adopt new plans. Those with plans were forced to use and expand their plans. For some, it was an acceleration of trends and plans that had been on the horizon for years.  Whichever camp you’re in, the optimal recovery path is not necessarily to go back to where you were, but to use the past year as a ‘disruptor.’  Use those learnings to motivate your teams to look at the traditional ways you do business and evolve practices beyond the inertia of the old ways.

Horace said, “Adversity has the effect of eliciting talents which, in prosperous circumstances, would have lain dormant.”

Let’s Look at Your Transition Plans

As you planning your next transition, let’s connect. Will you maintain a hybrid scenario permanently or is there some “new normal” that you should contingency plan around? How does your work location transition affect your future contingency planning and cyber risk position?

Contact Us