How to secure a hybrid workplace and remain productive?

We explore how IT leaders can build resilient hybrid work strategies that ensure their teams can collaborate and remain productive in the face of growing cyber threats.

Along with how, where, and when we work, the way we think about work is changing. In fact, The Economist declared “hybrid work” the word of the year for 2022, noting that the concept would transform everything from urban space usage to what employees consider free time. 

The rise of hybrid work has led business leaders across industries to rethink their workplace strategies so that they better align with employee needs and productivity goals. According to a recent survey conducted by Accenture, for instance, 83% of workers around the world said that they prefer hybrid work over all other working models. In response, 63% of high-growth companies have already made “productivity everywhere” the standard for their employees.

Our own research reveals similar findings. We recently partnered with global research firm Statista to survey more than 500 digital workplace decision-makers in the UK, Germany, France, the Netherlands, and Sweden about their current and future hybrid work strategies. We discovered that most European companies are now giving their on-site workers the option to choose a few days each week or month to work from home or another location. As many as 62% of European organisations allow employees to work remotely as often as three or even four days per week. 

Improving employee well-being and boosting productivity have emerged as the primary drivers of hybrid work adoption in Europe. Organisations are also investing in initiatives that are intended to make hybrid work more comfortable and rewarding for employees. A large majority (94%) of our survey’s respondents say that their company’s current real estate investment strategy has been influenced by hybrid work adoption.

This doesn’t mean that hybrid work adoption is easy for organisations. It represents a major shift from the in-office working model that previously predominated for many decades, and like any large-scale change, it comes with new challenges. Participants in our survey reported that improving cybersecurity was the biggest challenge they faced with the adoption of hybrid working, while the largest group also said that it was their top priority. 

A formidable threat landscape  

Cybercriminals are always resourceful and inventive, but 2022 was a particularly difficult year in terms of cyber threats. With the outbreak of the Russia-Ukraine crisis, nation-state threat actors became more active, and, according to the European Union Agency for Cybersecurity, ENISA, destructive attacks taking place in concert with military actions have become increasingly common. 

Meanwhile, highly capable threat actors are leveraging greater numbers of zero-day exploits, particularly as more organisations are implementing vulnerability management programs that decrease the number of exploitable vulnerabilities within their software ecosystems. Researchers are also observing growing numbers of attacks targeting software supply chains and managed service providers (MSPs). Once these environments are compromised, it’s relatively easy to breach the victim’s clients as well.

In addition, ransomware attacks continue to proliferate. Even though fewer ransomware attack victims were paying the criminals, the average ransom payment skyrocketed to a new all-time high of $408,644 in the fourth quarter of 2022. Furthermore, it’s important to keep in mind that the total cost of remediating and recovering from a ransomware incident is typically much higher than the ransom itself—as much as ten times higher, according to recent research from Sophos.

The widespread embrace of hybrid and remote work – along with greater reliance on the cloud – may have contributed to the current growth in cybercriminal activity and ransomware attacks. After all, attack surfaces expanded rapidly in organisations that were pressed to adopt remote work at speed. Many did so without extensive planning during the early days of the pandemic. 

Now that companies are moving from temporary, ad-hoc remote work adoption to longer-term flexible and hybrid working strategies, it’s imperative that they build out future-focused security strategies that can increase their resilience against today’s most prevalent threats—as well as those that are likely to predominate tomorrow.

Identity-driven Zero Trust provides a firm foundation for robust security strategies 

How can organisations see to it that hybrid work adoption doesn’t compromise the security of their data and technology assets? 

To start with, it’s imperative that the shift to hybrid work be accompanied by an embrace of modern security models that are ideally suited for today’s dynamic, largely cloud-based, digitally-transforming IT ecosystems. In today’s world, this means adopting an identity-first approach to Zero Trust.

Zero Trust security models move away from “trusting” users and devices within a network perimeter, and instead verify user and device identity and context before access is granted, regardless of whether apps are in the cloud or on premises.

By and large, network perimeters no longer exist, so identity is now the logical point of control. In an identity-first approach to Zero Trust, nothing is assumed and everything is verified.

When you leverage a modern identity platform to support this approach, your security teams can have granular control over resource access. This makes it possible to decide exactly which users get access to specific resources, as well as when and within which contexts that access will be granted. The decision engine that manages this process of risk-based authentication can enable precise control without inconveniencing users or disrupting workflows.

Adopt passwordless authentication to boost hybrid workplace security

Even in yesterday’s office-based work environments, passwordless authentication methods offered superior security when compared to legacy password-dependent systems. And they offered better user experiences for employees as well. 

In today’s dynamic, work-from-anywhere world, going passwordless is all but essential to protect IT ecosystems from phishing attacks and the ever-present risk of credential compromise. With no more credentials to steal, this is something your security team will simply no longer need to worry about.

Plus, passwordless authentication can reduce the amount of time that users spend on login tasks by as much as 50%. Instead of needing to remember and re-enter their password each time they need account access, employees will be emailed a one-time link or code or offered the opportunity to verify their identity with a biometric trait such as a facial scan or fingerprint (if their device can support this capability). 

It’s also possible to register an employee’s device so that it’s instantly recognised by the Okta Identity Cloud, providing a completely passwordless experience that works across all browsers, desktops and mobile apps.

Transform employees into a human firewall 

It’s impossible to prevent human error 100% of the time, but that doesn’t mean that humans will always be the weakest link in your cybersecurity defences. Cybersecurity training and education, especially if tailored to reflect the current threat landscape and to address the tactics that attackers have developed to target work-from-home employees, can empower employees to resist phishing and social engineering attempts.

The more visible your employee cybersecurity education program, the better end users will understand its importance to your organisation. This is one of the most powerful steps you can take to manage today’s pressing cyber risks.

Want to know more about what our research into the latest hybrid work trends revealed? Download The Okta Hybrid Work Report 2023 to explore our findings in greater depth. Or check out our Okta Workforce Identity solutions to learn how we’re making it possible for leading organisations to implement Zero Trust-based security while keeping their hybrid and remote employees happy and productive.