By Tejpal Bedi
The hybrid workplace model has become a defining aspect of the modern business landscape. This new way of working has opened the door to organisational transformation. While companies were sceptical about the efficacy of hybrid work, it is now becoming clear that it can hold many benefits, such as improved employee engagement and productivity, a larger talent pool for hiring, and reduced operating costs. But this shift also poses new challenges for companies in terms of connectivity and network infrastructure that can support the hybrid work model. The need for a new approach to security has also never been more pressing; companies must rethink their strategies to protect their employees, infrastructure, and data in this new environment. But what’s the best way to approach this?
The hybrid future
With the rise of remote work, businesses have had to adapt to new ways of working and collaborating – and cloud technology has played a crucial role in making this transition possible. The cloud has enabled employees to access company data and applications from their own devices, allowing them to work from anywhere – all they need is an Internet connection. It has also allowed businesses to take advantage of the cost savings, flexibility, and scalability of cloud services.
More importantly, the cloud provides a level of cyber resiliency for hybrid work. More robust security measures can be implemented, such as multi-factor authentication and data encryption. And, with cloud-based data storage and backup, companies can ensure their data is safe and secure in the event of a cyberattack or other disaster. Many cloud providers have dedicated teams that specialise in cybersecurity, providing an extra layer of protection for companies. In Kenya, where roughly two-thirds of companies face a talent shortage of cybersecurity professionals, this often proves to be a lifesaver.
New approaches to cybersecurity
In 2021 alone, Africa lost $4 billion (roughly 10% of the continent’s combined GDP) to cybercrime, with the top five threats being online scams, digital extortion, compromised business emails, ransomware, and botnets. Every year, cyberattacks are increasing in number and sophistication. With the shortage of security professionals in Africa, and the fact that cyberattacks often target smaller organisations that have fewer resources dedicated to cybersecurity, it has become crucial that every organisation – big or small – takes a proactive approach to adequately protecting themselves.
To mitigate these risks, companies need to adopt newer security strategies that are designed for the hybrid world of work. Zero-trust frameworks, for example, are becoming standard practice. Built on the principle of ‘never trust, always verify’, a zero-trust framework requires authentication and verification for access to company resources. This approach is particularly relevant in a hybrid work environment where employees are accessing company resources from various locations. A zero-trust framework ensures that only authorised users have access to sensitive information, regardless of their location, and that all access is logged and auditable.
To further protect companies, managed service products such as a Server Access Service Edge (SASE) and Distributed Denial of Service (DDoS) protection can also be implemented. SASE is a security solution that integrates network and security functions, such as firewall, VPN and CASB, and provides secure access to cloud services. DDoS protection protects against DDoS attacks that aim to disrupt the availability of a website by overwhelming it with traffic. Considering that Kenya experienced the highest volume of DDoS attacks on the African continent in 2022, it is vital that organisations have services like these in place to mitigate the very real risks of cyberattacks in 2023.
The importance of employee upskilling
An organisation can only be as secure as the people who have access to its critical resources, which is why it’s so important that employees are aware of the risks associated with working in a hybrid environment. Now, more than ever, employees should be equipped with the necessary skills and knowledge to protect themselves and their company. This includes basic cybersecurity practices such as using strong passwords, keeping software updated, and being vigilant about social engineering tactics such as phishing scams. Companies should also invest in employee training and awareness programmes to ensure that employees are up to date with the latest security practices and technology.
Securing Africa’s future
The rise of the hybrid workplace model has certainly brought about new challenges for companies in terms of connectivity and security – but also new opportunities for those who can navigate this transition safely and successfully. Kenyan companies that have not done so already must begin adopting new security strategies and technologies that are designed for the new hybrid world of work. And, if they don’t have the expertise to do so, they should seek out the right technology partners who can help them stay ahead of today’s evolving cyberthreats and provide professional guidance on their journey to digital transformation.
(Tejpal Bedi is the MD at SEACOM East Africa).