Future of work requires better security

Despite all the calls for workers to return to the office, the future of work is going to be decidedly hybrid. Even as more workers return to the office, it’s clear in the wake of the COVID-19 pandemic just how productive they can be working from home. Even full-time employees regularly work from home, so most organizations need to find some way to ensure employees can securely work from home whenever needed.

In fact, a survey of 1,250 full-time employees conducted by ResumeBuilder.com finds workers' preferences are roughly evenly split. A full 40% want to work fully in person, compared to 28% who want to be fully remote and 32% who prefer a hybrid arrangement.

Employees' main reasons for preferring working remotely include flexibility (70%), improved work-life balance (67%), and a lack of commute (65%). Those who prefer working in an office include social interaction (58%), faster communication (47%), easier collaboration (47%), and separation of career and home life (46%).

Working at home, however, comes at a price. Most cybersecurity professionals would agree it’s easier to secure a single office environment than multiple remote offices, which typically have a lot of consumer-grade equipment that is too easily compromised.

Managers, meanwhile, naturally find it easier to manage teams working in the same office and will contend that those teams are more productive when they regularly engage with one another. That issue is at the heart of efforts at Boeing, UPS, Dell, Amazon, and Google to get more workers to return to the office.

However, despite those concerns, a recent survey of 158 CEOs in the U.S. conducted by the Conference Board, a nonprofit think tank, finds only 4% are making the return of workers to the office in 2024 a priority in 2024.

For one reason or another, most office workers, whether from home, a café, or a hotel, are at some point remotely accessing applications over an insecure network. It’s up to cybersecurity professionals to make certain IT environments as secure as possible, regardless of who is accessing them and when. Unfortunately, the bulk of access is still being provided either with no meaningful additional security or via a virtual private network (VPN) that is often inherently insecure.

There’s a lot that obviously can go wrong. One case in point is those organizations that hired IT workers they never met that turned out, in addition to planting malware, were also passing their wages on to the North Korean government to help fund weapons programs. Clearly, organizations need to find ways to vet the employees better before hiring them. It’s also critical to ensure that even after they are hired, the least privilege access policies are strictly maintained to limit the scope of any potential breach that might be inflicted.

In the age of hybrid work, it’s only a matter of time before more organizations adopt, for example, a secure access service edge (SASE) platform to make hybrid work more secure. The only thing left to determine is to what degree those transitions will occur before or after a major breach.