We're building value and opportunity by investing in cybersecurity, analytics, digital solutions, engineering and science, and consulting. Our culture of innovation empowers employees as creative thinkers, bringing unparalleled value for our clients and for any problem we try to tackle.
Empower People to Change the World®
Booz Allen Commercial delivers advanced cyber defenses to the Fortune 500 and Global 2000. We are technical practitioners and cyber-focused management consultants with unparalleled experience – we know how cyber attacks happen and how to defend against them.
Learn how we’re driving empowerment, innovation, and resilience to shape our vision for the future through a focus on environmental, social, and governance (ESG) practices that matter most.
Our 32,600 engineers, scientists, software developers, technologists, and consultants live to solve problems that matter. We’re proud of the diversity throughout our organization, from our most junior ranks to our board of directors and leadership team.
Workplace safety is top of mind right now. And for those returning to physical offices, protecting employees from the spread of COVID-19 is front and center. But digital risks need more attention, too—especially when 45% of companies are reportedly adopting hybrid work models that feature remote work.
The post-COVID workforce is becoming more “3D”—distributed, digital, and diverse. In the case of the first two Ds, vast opportunities for global recruitment and flexibility are accompanied by ever-evolving security challenges, especially for organizations that deal with extremely sensitive information.
Remote work can heighten cyber risks by reducing physical protections, expanding user access to compromised access points and/or networks, and providing organizations with fewer insights into user behavior when employees are not connected to corporate networks. Virtual private networks (VPN) and virtual desktop infrastructure (VDI) may offer a sense of protection, but they are no guarantee of safety. What’s more, the National Security Agency has warned that VPNs are at risk of attack if proper security is not maintained.
Cyber risks fall into three categories: human error, external attacks, and insider threats. Human error could include employees being negligent with security protocols (opening phishing emails or downloading unauthorized content, for example) or losing a device (or having one stolen from them). External attacks, which accounted for the largest share of data breaches in a 2020 review, involve outside system access through extortion, forced breach, or device hacking. Insider threats are deliberately perpetrated actions by employees.
Having a large share of one’s workforce operating remotely at any given time increases risk by reducing oversight of employees and security systems, creating less visibility into how staff are managing security and whether they are demonstrating trustworthy behaviors.
To counter internal and external cyber threats, chief information officers and other executive leaders should focus on two imperatives.
Both measures require buy-in from senior leaders and other key stakeholders to be effective. But a proactive cybersecurity strategy can help organizations harness the immense benefits that hybrid and remote work models offer in terms of expanding talent pools, promoting a healthy work-life balance, and increasing productivity.