Organizations need to strike a balance between securing their workforce and enabling productivity
For Chief Information Security Officers (CISOs) and their IT departments, the complexity of securing the modern workplace has increased in today’s hybrid reality. At the same time, there is a need to simplify these security protocols for employees so that they can do their best work, no matter their location.
The world of work has become more complex for IT departments and their security teams. From remote and hybrid structures to company-owned versus bring-your-own-devices, securing today’s modern workplace is infinitely more complex than it was three years ago. And then there is the state of flux between employees and employers – the lasting effects of the Great Reshuffle. With new team members onboarding and former ones departing, IT teams have a lot to juggle in a modern workplace that will never look the same again.
It’s this new dynamic that organizations in the Middle East and Africa (MEA) cannot afford to ignore. Microsoft’s 2022 Work Trend Index found that 43 percent of the global workforce are considering changing jobs or exiting their industry altogether in the coming year. This trend looks set to continue with 56 percent of employees in the GCC expected to change employers. There’s a range of factors that’s causing people to re-evaluate their current jobs. Stress, work culture and flexibility are big considerations. In Gallup’s most recent State of the Global Workplace report 39 percent of employees in sub-Saharan Africa and 45 percent in the Middle East and North Africa (MENA) said they felt stressed. In addition, 12 percent of employees in MENA and 16 percent in sub-Saharan Africa said they did not feel respected at work. It’s these sentiments that are driving employees to look elsewhere.
IT’s Great Reshuffle conundrum
This shift in work is creating blind spots for security teams within organizations. In fact research from Carnegie Mellon University’s CyLab, with support from Microsoft, found that nearly 70 percent of surveyed organizations had experienced five malicious insider threat incidents in the last year and more than half (58 percent) had over 10 inadvertent or data misuse incidents. The data and security risks of reshuffles like this are clear when you consider the exposure that can occur with a mix of departing employees and new team members unfamiliar with the organization’s security and compliance policies.
Initial instincts might see cybersecurity teams restricting employee access or aggressively punishing small errors. However, this is not the best course of action and organizations rather need a solution that lends employees the access they need while providing IT teams with tools to quickly identify risky insider activity. Striking this balance is critical when implementing an insider risk program and can create a culture of empathy that empowers employees to work safely and independently.
One approach is to empower security teams to detect and act on malicious and inadvertent activities in your organization. This differs from a traditional security procedure of preventing sensitive data from leaving your organization. With the help of insider risk management in Microsoft 365, security teams can leverage machine learning to correlate signals around risky user behavior and identify which activities may result in data theft or leakage. These insights help security teams to identify potential concerns and can help accelerate time to action.
In the case of Turkish bank Yapı Kredi, the organization deployed Microsoft Teams to its 16,000 employees during the pandemic to enable uninterrupted, secure communication and a modern collaboration experience for remote working. Today, the solution not only enables nearly half the workforce to work remotely, but it also ensures the highest levels of security expected from a bank.
In order to achieve this, Yapı Kredi worked closely with Microsoft on its Teams governance program to identify features to be activated, apply security restrictions, meet network needs and comply with corporate and holding company standards by setting authorization levels. Azure Active Directory manages access and identity among staff, while the Microsoft DLP solution ensures that data flowing from all endpoints is subject to strict rules. Access security is ensured at the highest level using multi-step authentication on mobile and non-bank devices. Through this optimal Teams configuration, Yapı Kredi ensures seamless, reliable operations end to end that allow employees to do their best work uninterrupted.
This minimal disruption to the workday is vital for today’s modern workplace, and for organizations hiring new staff, a smooth onboarding is becoming increasingly more important. In fact, 69 percent of employees are more likely to stay with a company if they experience great onboarding.
For financial services company Rodel, being a small to medium-sized business (SMB) meant it didn’t always have the capacity to focus on its day-to-day IT requirements, let alone the complex process of onboarding new staff, and outsourced this to Microsoft partner NETCONFIG. Using Microsoft Intune, NETCONFIG can centrally manage Rodel’s security policies and user settings, and easily update these on a new device. This has reduced the set-up time for new team members’ devices from hours to minutes.
With hybrid work taking hold within the region, organizations rely on communication and collaboration tools to empower employees to do their best work. At the same time, they need to manage risk in communications to protect company assets, fulfil regulatory compliance obligations, and detect code of conduct violations. Organizations can excel in this environment by selecting the right technology and business outcomes partner to secure the workplace of the future.