6 Tips to Help Manage Security and Serenity in a Hybrid Era

We are living in a time unlike any other.

If not for yourselves in your roles, for many of your employees “work” had very clearly defined rules only a few years ago. Monday through Friday they would wake up at home, get dressed in their business attire, perhaps enjoy a hot breakfast at home—or at least a warm cup of coffee—and then would commute to work.

They would arrive at the office, make small talk with a colleague, and then settle in for the day. Eight, or so, hours later, they would turn their computers off and leave the office behind.

Fast-forward to 2023. All former, familiar, routines have gone out the window. Our everyday lives have been upended. It doesn’t really matter what caused it anymore, the residing fact is that it happened.

Whether in practice, or in business continuity requirements, most companies are hybrid now.

With hybrid companies come hybrid requirements, and managing our workplace security in this ecosystem has exacerbated an already complex mission. There are more concerns and there’s more to do than ever, with less restorative structure between our personal and professional lives.

So how do we break down the barriers and make things easier for ourselves and our teams amidst these daunting times with overwhelming requirements?

Below are some tips to help you manage security (and serenity) in the hybrid era:

3 Tips to Manage Security in the Hybrid era

1. Build an Army by Activating All Employees: With the ballooning threat landscape, it’s critical for each member of the organization to embrace defense strategies.

• Consider working with your CHRO/People counterpart on the executive team to implement a fun and rewards-driven way to get your employees to follow the rules.
• Psychologically speaking, extrinsic motivation is powerful. Perhaps even more so now that employees are more physically disconnected from each other.
• Collaborate with your counterpart on the People team to strategize a plan that combines tangible and intangible rewards.
• For example, pick a remote day to run a Phishing Threat Drill (don’t tell the org it’s a drill, of course). Then, give the team with the highest success rate some cool company swag (or maybe it’s a Starbuck’s gift card… understand your budget and work with your cross-functional leaders to get as creative and “fun” as possible). And don’t forget the intangible reward, e.g.: a shoutout at the next Town Hall.
• When you’re in the office, run a Trusted Insider Threat Drill and likewise, make sure the winning department gets an accolade (one that is as exciting as possible).

2. Focus on your Anchor Points: While it’s true that the CISO role emerged out of the tech function, we know all too well that the last decade has brought a dramatic expansion of responsibilities. Managing all of this can be daunting no matter how big your team is or who you report to.

• Try getting clearance from your CEO to task your Operations team with the responsibility of centralizing your company’s growth roadmap: incorporating intradepartmental plans, visions and tentpoles.
• This should help you to better manage your Anchor Points and should create a clearer field of vision as you build your moat against current and future TTPs.

3. Allocation of Budget: Managing threats becomes exponentially more difficult as more variables are added into the mix.

• E.g.: Employees accessing company data on their personal mobile devices, Applications inhabiting public Clouds and employees working in public places.
• Advocate for a framework to help mitigate variables.
• For example, make it a point to request that any employee working remotely has a physical privacy screen cover, ensure that employees are only using work-owned mobile devices, and work with your leadership peers to roll out a protocol that minimizes the threat of inadvertent information sharing in public places (or in an employee’s home if they have a handful of roommates around or guests visiting)—perhaps this is a requirement that headsets be used for all remote meetings.
• Ultimately, make sure your leadership commits to the budget needed to stand behind each of these measures by building a business case to illustrate the importance of the risk mitigation plan. Make sure they know what the risks may be if they don’t commit.

3 Tips to Manage Serenity in the Hybrid era

1. Compartmentalize: To restore balance while working from home, do your best not to blur your home-life and your work-life. (We know this is much easier said than done.)

• Much like when you would leave home to go to the office, try to create space between your professional “area” and your personal life.
• The same is true for tasks. Do not try to do it all, all the time. Your 9am – 6pm is for your work-related tasks and your meetings. It’s not the time to try to get in a quick home-related errand.
• Similarly, when 6pm rolls around: you must stop working. Do not bring your work to the dinner table, the gym, the couch, or the bedroom.
• Much like when you were in the office full time, make sure you have a clear “start” and “end” to the day.
• Yes, urgent items come up and must be responded to, but be clear with yourself, and your team, about what urgent means and what it doesn’t.
• This structure holds true for those on your team as well. This doesn’t work in a “rules for thee, but not for me” type of dynamic.

2. Get Some Fresh Air and Find your Watercooler Moment: Much like when you were in the office, you need to take small breaks to help your mind stay at ease and to decrease the likelihood of becoming overwhelmed.

• Doing so will help to make sure your brain has time to reflect on your goals and projects systematically.
• Block off time for the coffee break you’d otherwise take at work and for your lunch.
• On remote days, you have to find time for human interaction.
• Consider scheduling a virtual lunch with a colleague, in another department, or see if a neighbor is free to connect.
• Carving time out to think about something else will help to broaden your perspective and increase your creativity.
• Keep in mind, however, that this is not time for the laundry or for that quick errand—your brain needs time to decompress so that it can function optimally.

3. Level-set Expectations: In today’s constantly changing environment, the scope of enterprise threats is almost intangible.

• Get on the same page with your cross-functional leadership team about your organization’s definition of “mission critical,” “urgent,” “important,” and neutral.”
• Then group tasks and threats into these categories and make a roadmap. Get their sign-off and communicate candidly. Also make sure that your boss and Board are empowering you with the ability to do your best.
• Is your team large enough to handle the scope of “mission critical” and “urgent”?
• Do you have the right roles in place?
• Are your counterparts communicative enough?
• Being clear about what you can accomplish with what you have, and what you need in order to accomplish more, will help to alleviate stress and avoid inadvertently becoming a scapegoat.

Work is stressful and the game has changed dramatically. That said, bringing a determined mindfulness, clear boundaries, and open communication to your day-to-day has the power to exponentially increase your success rate and overall workplace satisfaction.

Give it a try and let us know your results.

Make sure you subscribe to Cyber Security Tribe today to catch all of our expert insight and the latest developments in the industry!