22 Feb Balancing security and productivity in the workplace
Zubin Chagpar, Business Group Leader: Microsoft Middle East and Africa, looks at the Great Reshuffle and how organisations can maintain security without compromising productivity.
The world of work has become more complex for IT departments and their security teams. From remote and hybrid structures to company-owned versus bring-your-own-devices, securing today’s modern workplace is infinitely more complex than it was three years ago.
And then there is the state of flux between employees and employers – the lasting effects of the Great Reshuffle. With new team members onboarding and former ones departing, IT teams have a lot to juggle in a modern workplace that will never look the same again.
It’s this new dynamic that organisations in the Middle East and Africa (MEA) cannot afford to ignore. Microsoft research has found that 43% of the global workforce is considering changing jobs or exiting their industry all together in the coming year. In the GCC alone, 56% of employees are expected to change employers, according to Hays.
This shift in work is creating blind spots for security teams within organisations.
IT’s Great Reshuffle conundrum
According to research from Carnegie Mellon University’s CyLab, nearly 70% of surveyed organisations had experienced five malicious insider threat incidents in the last year, and more than half (58%) had over 10 inadvertent or data misuse incidents. The data and security risks of reshuffles like this are clear when you consider the exposure that can occur with a mix of departing employees and new team members unfamiliar with the organisation’s security and compliance policies.
Initial instincts might see cybersecurity teams restricting employee access or aggressively punishing small errors. However, this is not the best course of action and organisations rather need a solution that lends employees the access they need while providing IT teams with tools to quickly identify risky insider activity.
Striking this balance is critical when implementing an insider risk program and can create a culture of empathy that empowers employees to work safely and independently.
One approach is to empower security teams to detect and act on malicious and inadvertent activities in your organisation. This differs from a traditional security procedure of preventing sensitive data from leaving your organisation.
Insider risk management solutions, for example, enable security teams to leverage machine learning to correlate signals around risky user behavior and identify which activities may result in data theft or leakage. These insights help security teams to identify potential concerns and can help accelerate time to action.
Equally pivotal is choosing the right collaboration tool that both enables remote work and ensures the highest levels of security. Turkish bank Yapı Kredi, for example, worked closely with Microsoft on its Teams governance program to identify features to be activated for the bank’s 16,000 employees, apply necessary security restrictions, ensure relevant network needs are met and comply with corporate and holding company standards by setting authorisation levels. This enabled uninterrupted, secure communication and a modern collaboration experience for remote working.
For financial services company Rodel, being a small to medium-sized business (SMB) meant it didn’t always have the capacity to focus on its day-to-day IT requirements, let alone the complex process of onboarding new staff. They outsourced this function to Microsoft partner NETCONFIG, who leveraged the cloud-based mobile device management and mobile application management tool Intune to centrally manage Rodel’s security policies and user settings, and easily update these on a new device. This has reduced the set-up time for new team members’ devices from hours to minutes.
A safe, modern workplace
With hybrid work taking hold within the region, organisations rely on communication and collaboration tools to empower employees to do their best work. At the same time, they need to manage risk in communications to protect company assets, fulfil regulatory compliance obligations, and detect code of conduct violations.
Organisations can excel in this environment by selecting the right technology and business outcomes partner to secure the workplace of the future.