Workers Go Back to the Office: Cybersecurity After COVID-19

According to new research from Microsoft, 50% of companies want workers back in the office five days a week based on surveyed workers around the world between January and February. In the same report, 52% of workers are in the process of switching to a hybrid or a full-time remote job in 2022. This dichotomy means employers must make necessary changes to meet employees’ needs, while also keeping business practices safe from cyberattacks. The COVID-19 pandemic put businesses on the fast track to changing day-to-day operations and led many organizations to review their cybersecurity practices and infrastructure as employees transitioned to work-from-home. This also includes companies that have adopted bring-your-own-device (BYOD) and hybrid work setups. Even with many workers back in the office, the pandemic has turned many cybersecurity strategies from temporary actions into permanent strategies.

The move to an accelerated digital transformation strategy for cybersecurity can be a positive in the long term, but this must be conducted in a manner that ensures protection for end-users and the company. What exactly is the new normal, and what cybersecurity risk and mitigation measures can a business take to protect themselves? Below are some of the ways COVID-19 has changed the way we think about cybersecurity and how organizations can stay on track to keep their heads above water in this new digital sea.

Work From Home is Here to Stay

An increase in cloud-based cybersecurity services became necessary as the number of people working from home has grown. Many will continue to work from home for years to come.

According to a survey by Tessian, 47% of people working in the technology industry have clicked on a phishing email at work, and 43% of people reported making an error that had security repercussions. While workers are at home, they lack the protection of firewalls they would have in the office. In addition, if a personal Wi-Fi network doesn’t have suitable security protocols in place, the risk of security concerns is high. BYOD has led to new concerns—employees are using smartphones, tablets, personal laptops and other devices to gain access to highly-sensitive corporate data that can leave organizations in jeopardy. Attackers understand how to exploit all of these sudden changes and will continue to develop new and vicious malware to breach systems. All businesses must be equipped to support the workforce on a global scale regardless of what device the end user is using.

Training is an Absolute Imperative

Hybrid work—from the office to the living room, the backyard or the local coffee shop—makes it abundantly clear that more training than ever is needed to protect everyone involved in the global workforce since the COVID-19 outbreak.

At this point, it should be no surprise that human error is every organization’s biggest cybersecurity risk. Companies need to be vigilant in making sure everyone is up-to-date on current knowledge about potential breaches. Before the pandemic, employees may have unintentionally provided access to information or sensitive files to individuals that should have not had access. Or a USB drive may have traveled from the office to home and back to the office unprotected, putting critical information at risk. Every organization’s IT systems must continue to adapt to sudden workplace changes, especially as more workers are demanding to work from home.

While solutions like single-sign-on and multifactor authentication are a must, training is a high-value part of the process that should not be ignored. Organizations providing training on phishing attacks and other potential breaches can help employees understand and circumnavigate the cybersecurity landscape.

The Cloud is a Necessity – Not an Option

Organizations tend to stick with what works when it comes to basic security tools. But legacy tools aren’t always kept up-to-date, nor can they interoperate with each other or with newer technology, which can obstruct the implementation of a comprehensive cybersecurity plan. While implementing new tools provides benefits, it can also increase risk, which attackers look to exploit. If gaps between new and existing tools and weaknesses are found, breaches can, and likely will, occur. On-premises solutions served organizations well for years, but the cloud provides a level of security not found in on-premises solutions and helps streamline software, so no tool is left behind.

We are still in the midst of a pandemic and the workforce has been forever changed. Organizations need to stay on top of cybersecurity threats that occur with employees working near and far in this new normal.

Avatar photo

Chip Gibbons

As Chief Information and Security Officer, Chip is responsible for Thrive’s security and the security of our clients. He directly oversees the Security Operations Center and the Cyber Security platform. Throughout his 13-year tenure with Thrive, Chip has risen through the ranks holding positions such as Field Services Manager, Problem Solutions Manager, Senior Manager of Cyber Security and R&D, and Director of Cyber Security. He began his career as a network engineer, which has served as a foundation to expert status in specialties, including Cyber Security, Management, Windows, Cisco, and VMWare. Chip has a bachelor’s degree from Hamilton College and maintains several technical certifications, including CEH and CISSP. He is a highly regarded industry expert and is regularly a featured speaker at conferences, an author of industry and thought leadership blogs, and webinar host of demos and other industry technology.

chip-gibbons has 1 posts and counting.See all posts by chip-gibbons