Hybrid work is in high demand. A recent return to the workplace survey by Envoy and Wakefield Research shows that nearly half of employees (48%) want to be able to work in and out of the office. With the COVID-19 vaccine rollout underway in the US, companies need to work quickly to secure a flexible work environment.
Right now, you have an opportunity—and the executive buy-in—to make improvements to your programs at scale. Conducting a security assessment will give you a big-picture view of your company's preparedness for hybrid work. It'll reveal security gaps and help you prioritize improvements to mitigate risks. Armed with a framework, you can perform an assessment in three straightforward steps.
Step 1: Identify stakeholders and involve them early
Working closely with cross-functional partners will help you get important points of view before, during, and after the assessment. These folks will ensure you have access to the people and technical resources you need for the assessment.
You may need to include people in:
- Compliance
- Workplace
- Facilities
- HR
- IT
- Executive leadership
Consider hosting a kickoff meeting with stakeholders before you start the security assessment. Get people together to chat about roles, responsibilities, and timelines. Aim to paint a clear picture of the goals you want to accomplish and how each stakeholder can help.
Step 2: Create a scoring system
A security assessment requires you to evaluate your security across pillars and workplaces. To do that, you need to develop a scoring system. Let's take a look at what you need to do to create one.
Part 1 - Identify threats
Establish a list of security threats that fall under each pillar, starting with physical security. Then move on to people security, data security, and so on. Make sure each list includes threats specific to hybrid work.
Answering the question, "what's the worst that can happen under this pillar?" will help you identify the most significant threats. Don't forget to get stakeholder feedback, so other opinions are represented.
Part 2 - Develop a scoring system
A scoring system is a tool you'll use to grade your hybrid work security. It'll categorize workplace security risks by likelihood and severity. If you don't want to create a custom system, you can use the one below.
Step 3: Do the security assessment
Now that you've identified threats for each pillar and created a scoring system, you can complete the security assessment matrix. Below is an example of how a completed matrix might look. Check out this guide for step-by-step instructions on how to conduct the assessment.
Understanding the results
Once you've filled out the matrix, the results of the assessment should show:
- The strengths and weaknesses of your security for each hub
- The strengths and weaknesses of each security pillar across all hubs
Here, "hub" refers to a hybrid landscape that includes a physical workplace as well as remote locations near it where employees do work.
Say Hub 1 scores well for infrastructure security. You can use this hub as a model to scale this pillar's security programs to other hubs. Poor scores across a single pillar could reveal a systemic issue. For example, you may be missing critical training programs that teach employees how to identify and mitigate cybersecurity threats.
How to prioritize improvements
You won't be able to address every threat at once, so you should have a plan of action to guide your team's focus. You might consider listing out the work you need to do in order of priority. For example:
- 1st priority: Intolerable Risks – These are the risks you can't put off. Failing to address them could put business continuity at stake.
- 2nd priority: High Risks, Critical Risks – These risks are important to address. They may have a serious and lasting impact on your company.
- 3rd priority: Moderate Risks – These risks may impact business operations but they won't cause lasting damage.
Alternatively, you could focus on a particular hub or pillar. Once the hub scores well across pillars you can scale its security programs to other hubs.
Conducting an assessment is an essential step to strengthening your security in the era of hybrid work. Using the framework above will help you identify and prioritize critical improvements. Just as important, it'll align your cross-functional team on the work it needs to do to keep your company safe and secure.