Work from anywhere. Cyber everywhere. has been saved
Work from anywhere. Cyber everywhere.
Blog 3: Hybrid working
To successfully navigate the future of work and realise the long-term benefits of hybrid working, organisations must ensure they are operating sustainably and securely. If security doesn’t move with your people, it’s left behind.
The COVID-19 pandemic forced leaders worldwide to respond with unprecedented speed and efficiency to new ways of working, innovating, responding, collaborating, transacting… surviving. Now, organisations must ask, “how can cyber help ensure our new ways or working are productive, sustainable, secure, and safe?”
To continue to deliver, and navigate the future of work, organisations need to establish a foundation of trust, adopt a “Cyber Everywhere” mindset, embrace a culture of perpetual resilience and lead from the front.
Establish a foundation of trust
The increasing dependency on technology and evolving risk landscape brings to light safety and privacy concerns. It’s critical for leaders to instill trust among stakeholders that data is being properly handled and safeguarded, striking the right balance between secure transactions, data privacy and productive user experiences.
There are a few ways in which organisations can build trust among their stakeholders.
- Guide and monitor how teams collaborate remotely: Ensure employees are aware of the approved collaboration tools and associated processes and that they are accessing systems securely (e.g. by using Multifactor Authentication.)
- Understand the cyber risk: Organisations should proactively monitor system vulnerabilities and discern the risks associated with the systems of data not being stored or protected in an appropriate manner.
By getting the human dimension of technology, security and trust right, leaders can drive sustainable success for their organisations.
Adopt a Cyber Everywhere mindset
As organisations look towards the new normal, there’s an opportunity to embed the core principles of security: confidentiality, integrity and availability into new ways of working.
As today’s workforce becomes increasingly dispersed, the organisation’s cyber-attack surface expands as thousands of new devices and locations become part of the new work environment. Access to company information and systems is no longer isolated to office locations, meaning organisations must be prepared for a cyber-attack from anywhere.
By focusing not only on the functional and technical elements of security development, but also on the human element, organisations can unlock the business value of a flexible workforce while maintaining the security and integrity of their valuable assets.
Embrace a culture of perpetual resilience
Going forward, the ways we live, work, transact and communicate will be even more interconnected, exposing organisations to increased cyber risk. To support this, organisations need to develop and maintain an incident response programme, a culture of cyber awareness and good cyber hygiene to foster a culture of perpetual resilience.
- Incident response programme: Organisations must re-evaluate incident readiness and response capabilities so they can recover faster, rebound stronger and adapt more quickly to threats without losing critical operational function and customer confidence.
- A culture of cyber awareness: Responding to attacks is not just about good decisions from the top; employees at all levels must understand the importance of their role in cybersecurity. Everyone should learn how to identify, report and respond to threats.
- Good cyber hygiene: Good cyber hygiene (e.g heightened security awareness training) allows organisations to create an environment where the secure thing to do is the easy thing to do.
Leading from the front
As workforces transform in the wake of COVID-19 so does our understanding of how cyber can enable and propel us forward. Organisations that properly integrate cyber now will be better positioned to embrace new technology andensure continued confidentiality, integrity and availability of their key digital assets as they adapt to the new normal. Two key considerations:
Understanding the role of cyber: Executives must understand their organisations’ risk profile and provide knowledge of what the key business processes and systems are. They should actively look to discover and understand where vulnerabilities may exist within their systems. Leaders have the opportunity to drive the cultural transformation that embraces cyber by embedding it as a strategic enabler from the start.
Collaboration between the Chief Information Security Officer (CISO) and the business: CISOs can no longer be viewed as simply compliance monitors and security enforcers. Today’s CISOs must be connected to and collaborating with the business to enable business goals through active management of cyber risks and work towards a culture of shared cyber risk ownership across the enterprise.
COVID-19, for all its challenges has also given us the opportunity to remould the new tomorrow. As organisations move from the recovery phase and prepare to thrive in the new COVID-transition era, cyber is a conduit by which they can transform their businesses and prepare for the future. Effective cyber risk management can help businesses achieve smarter, faster transformation and stay ahead of threats, as well as building trust and resilience among their customers, employees, and communities.
Have you considered? What degree of your organisation’s future hybrid work model includes cybersecurity?
This concludes our three-part blog series on cybersecurity with a people-first approach.
Deloitte can help by looking at your business objectives and then customising, identifying, priortising and implementing processes and solutions to maintain a consistent approach to mitigating the cybersecurity risks organisations face. Cybersecurity threats are constantly evolving; we go beyond addressing the challenges of today to help organisations embed sustainable solutions to prepare for the challenges of the future. Reach out for more information or please visit our Cyber Transformation page.
Blog 1: An introduction to a human-centered approach to cybersecurity
Blog 2: The employee experience