Hybrid Working Securely
The concept of hybrid working i.e., a flexible work model that supports a blend of in-office, remote - more often than not home – and on-the-go worker, has now been embraced by many businesses. What may have started just as an ad hoc way to continue operating during the Pandemic, has now been formalised into working patterns for many businesses across the globe because there are obvious benefits to:
· Attract and retain a more diverse workforce
· Give people better work-life balance and reduce travel costs
· Increase productivity with more people being able to work in a place and at a time that allows them to perform at their best
· And make savings on office space and overheads.
But, before making the change to hybrid working, how many businesses considered whether there would be an impact upon their culture and security? As the saying goes “knowledge is power” and as such understanding the threats to your organisation will enable you to mitigate against them. This can be achieved by conducting a risk assessment. CPNI’s remote working guidance discusses many of the security risks that a business should consider before creating a hybrid working policy. These include:
• the challenges of continued line management oversight,
• staff working on unfamiliar technology in new environments,
• the need to provide appropriately protected IT devices, training and support when working off-site,
• ensuring there is staff access when working off-site to welfare help if needed,
• identifying roles and locations that cannot accommodate hybrid working.
If hybrid working policies and procedures are not addressed and well communicated to the workforce, then there is a risk of staff disgruntlement and this is a key factor in setting someone on the pathway to conducting an insider act. As a minimum, a secure hybrid working policy will provide a framework for line managers and their staff to formalise arrangements for attendance on site, contact with each other, attendance at meetings, availability for future training and review of the ongoing arrangements. Ideally this framework will provide a fair and consistent approach for all staff, whilst allowing flexibility for line managers to agree what works best for all parties. A hybrid policy should be reviewed regularly to ensure that it continues to meet all the business needs but especially following any security incident that might impact upon hybrid working arrangements in order to mitigate any new risks.