Count me among those who believe that there will be no full-scale, full-time return to office buildings for many people in 2022 and beyond. I imagine that those who still have an office at all (as many shuttered during the pandemic) may come in to work for no more than a couple of days per week, and only if there is a true benefit to in-person collaboration. For most employees, even just a day in the office each month, with a social activity attached, might be all that is needed to reinforce a sense of belonging to a team and to enhance camaraderie, even if our workforce is a distributed one. By my math, that leaves far more work days out of the office than within it, which means that, as we look ahead to 2022, companies will have to come to terms with the implications of “work from anywhere” on workforce security.
As we consider security in a distributed workplace that includes people’s private homes, favorite coffee shops, and beyond, here are the key factors that are top-of-mind for me in 2022:
Companies need to up their game with regard to security controls for home networks. Being on an out-of-office network in any form is a risk. While companies give their employees guidance on how to keep their work laptop safe, like by not clicking unfamiliar links or by using anti-virus software, there are not many controls in place in a home environment aside from a reliance on good faith.
Laptops that are toted back and forth between a corporate office and a home office need to be secured differently depending upon the network being accessed, as do any connected devices. We’ve all heard about the risks of letting our spouse play games on our laptops when we aren’t working and how that unintentionally can let malware on the machine. There are many ways to address this, from strict lockdowns of machines so that this is not possible to enforcing anti-virus. Or, imagine a scenario in which an employee is printing confidential legal contracts at home, and a child who needs paper for a school project grabs a sheet from that pile. (Any parent who has ever worked from home knows how often this happens!) Security breaches aren’t always due to malicious hackers. How do we lock down our home office life to make sure that our work product is as protected at home as it is at work?
Companies and employees are going to need to be more open to BYOD strategies. Long rejected as a “substandard” security approach, bring-your-own-device became the standard for many companies. But how do you secure devices that don’t conform to your corporate standards? Providing employees with options, from employer provided security tools to a virtual desktop option that can be used from any BYOD device may be one way to make sure that employees have access to the resources they need in a secure manner.
Companies need to be aware of the security posture of their vendors. Companies need to know what controls their vendors have on their vendor’s work-from-anywhere staff. Vendors are going to have to be more open with regard to their processes and controls, and customers are going to have to accept that vendors really are doing the right thing for their business. At the end of the day, both want the same thing: to stay in business and support their customers.
We cannot let our guard down; companies must be more vigilant with regard to ransomware, especially to retain cyber insurance. What companies saw in 2021 was just a warning sign. There will be way more ransomware in 2022, and companies without good security controls on their workstations, both in and out of office, will be the ones hit the hardest. After almost two years of working through a pandemic, we are all pretty worn out. The bad guys aren’t, though. They’re getting better and better with their attacks, as evidenced, in part, by the increasing amount of risk-averse behavior from cyber insurance companies. Rates are doubling, and some companies even are being refused insurance altogether for not keeping their environments secure enough. I think it’s possible that 2022 is the year that we see a major impact to, or even the loss of, a major player due to ransomware. As Boards and CFOs are (finally?) pushed to really pay attention to and fund the necessary improvements to their internal security, cyber insurance firms are a necessary player in the cybersecurity infrastructure. The interplay between ransomware and cyber insurance in 2022 will be quite something to watch.
Companies need to be mindful of the security implications from the ongoing chip shortage and the expansion of the Internet of Things. The chip shortage impacts everyone. Will companies be able to secure the chips they need in order to enable their growth? How will all of those embedded systems providers support the growth of smart homes? To do so, will they have to start obtaining their supplies from dubious players? Undoubtedly, companies need to start paying attention to the hardware and firmware coming into the cloud now. Higher end GPUs, like those in use by cloud providers, are built on strong chips. IoT devices and embedded systems are built on inexpensive mass produced chips. If suppliers start obtaining these chips from dubious sources, malware might be built right into the chips (an issue with Huawei for a long time). Guarding against such potential security breaches by securing sound hardware is essential.
Companies must notice everyone who is working for them, regardless of where they are located, and pay increased attention to equity. With more people working from home, companies stand to open up their employment base to a lot of folks who couldn’t get into an office before. More diversity in the workforce is always a good thing. Let’s make sure we’re fully supporting a workforce for all abilities with technological supports such as transcription and closed captioning for those who need it, noting that it is more secure to provide such accessibility tools in-house. As well, we know that millions of women stepped out of the workforce during the pandemic and that men are more likely to be in-office. Companies are going to have to be careful not to reward only those who are most visible. There also may be a widening economic divide between those who come into the office and those who do not. Recent graduates with mountains of student loan debt might choose to work virtually so that they can live more affordably. Companies would be wise to consider how to build relationships and careers with those who choose to work remotely for whatever reason so that existing gender and economic divides don’t widen. This is where companies like RingCentral can step in as a big part of the solution: mobile, flexible, scalable communications and collaboration tools exist to bring together a distributed workforce — which is what 2022, and much of the future, will bring.
