Hybrid work is no longer an exception—it's the norm. As New Zealand businesses adapt to the realities of distributed teams, security strategies must evolve beyond the traditional perimeter model. Cybercriminals are actively targeting remote endpoints, cloud assets, and collaboration platforms, making hybrid security one of 2023’s top priorities.
Zero Trust security architecture continues to gain traction. The principle of “never trust, always verify” ensures that every user and device is authenticated, regardless of location. SMBs adopting Zero Trust benefit from minimized attack surfaces and improved breach containment.
With employees working from home, cafes, and co-working spaces, device visibility is critical. Deploy endpoint detection and response (EDR), enforce disk encryption, and establish remote wipe capabilities. Mobile Device Management (MDM) and Unified Endpoint Management (UEM) platforms help maintain control.
Multi-factor authentication (MFA), single sign-on (SSO), and identity governance reduce the risk of credential theft. Role-based access control (RBAC) ensures users only access the data they need—nothing more.
Hybrid work relies heavily on cloud collaboration tools. Secure Microsoft 365, Google Workspace, and other SaaS platforms with conditional access policies, audit logs, and secure configurations. Shadow IT remains a concern—conduct regular cloud discovery scans to identify unapproved apps.
Split tunneling, home routers, and unmanaged networks introduce new vulnerabilities. Businesses should deploy secure remote access via VPN or ZTNA (Zero Trust Network Access) and offer employee training on home network safety.
Information is now accessed from more locations and devices than ever before. Data Loss Prevention (DLP) tools detect and block unauthorized data transfers, especially sensitive client or financial information. Classify and tag data to apply DLP policies effectively.
Phishing remains the most common attack vector. Human error continues to play a significant role in breaches. Invest in continuous security awareness training, simulated phishing campaigns, and a culture that encourages reporting mistakes without blame.
Ensure your compliance posture reflects hybrid risks. For NZ firms, this includes adherence to the Privacy Act 2020 and the use of secure storage for personally identifiable information (PII). Audit trails, encryption, and retention policies are key pillars.
Perform regular cyber risk assessments specific to hybrid work configurations. Incorporate input from HR, IT, and department heads. Prioritize risks based on business impact, not just likelihood.
Cybersecurity isn’t set-and-forget. Monitor events across cloud, endpoint, and network. Implement SIEM and SOAR platforms, even if they are scaled-down versions tailored to SMB needs. Visibility is the first step toward resilience.