The pandemic-related lockdown of 2020 marked a permanent alteration in the working landscape. Its disruption of the way we function within work highlighted that flexible working is here to stay, not just an option, but a necessary element of the working environment.
We’ve entered an era where hybrid working, where employees work from a combination of home and in centralised office, is becoming a norm for certain types of workers – basically those whose use of IT makes it practical to work remotely. Home working isn’t an option for those in retail, manufacturing, and other manual tasks. McKinsey estimates that home working is practical for around 20 percent of the workforce, stating: “The potential for remote work is highly concentrated among highly skilled, highly educated workers in a handful of industries, occupations, and geographies.”
During the peak of the pandemic in 2020, when travel was restricted and working face-to-face discouraged, many employees shifted from operating within the office to the comfort of their homes. This boom in remote working was entirely dependent on information technology giving workers access to the tools and information they needed to continue their work remotely.
As the world transitions back to a normality, corporations are beginning to adopt a hybrid working model, whereby employees function both remotely and within the workplace. To demonstrate the significance of hybrid working, Microsoft’s 2021 World Trade Index reported that 66% of companies considered ‘redesigning office space for hybrid work’, while 73% of employees wanted ‘flexible work options to continue’.
The advantages for employer, employee and the environment are clear; for the employer, a saving on expensive office space and resources; for the employee, the avoidance of an expensive and time-consuming commute, and a better work/life balance; and for the environment, a reduction in polluting vehicle journeys and congested city centres.
However, this style of working introduces a myriad of challenges for companies, with complications in terms of cyber-security producing many challenges for Chief Information Security Officers.
The 2020 Verizon Business Data Breach Investigation Report exposed these problems and highlighted the increase in cyber threats. For instance, cyber attacks in the form of ‘phishing’ alongside business email compromises accounted for 67% of all breaches, with web application breaches doubling to 43%.
In addition to this, an article on Raconteur outlined that access to corporate data from individuals working from home has significantly increased since 2020, with ‘sensitive financial information’ being included in this. This leaves home workers open to be targeted by cybercriminals through ‘dedicated malware campaigns that exploit social engineering’.
Despite these shocking statistics, Verizon Business claims that there is a wealth of options available to tackle these breaches and to aid with further securing company assets for hybrid/remote workers. In 2021 we saw companies build their long-term security solutions as an attempt to efficiently implement a more secure hybrid workforce. Corporations began placing much more emphasis on cyber security.
Security Issues
With the lines between home and work life being blurred and security risks becoming more of an issue for companies utilising hybrid working, it is imperative that businesses become more aware of the solutions available.
Educate your employees
Employee behaviour is a fundamental issue causing further difficulties within a hybrid model, with employees utilising their work devices for tasks that are unrelated to work, e.g., checking personal emails. Despite this action seeming harmless, there is no protection against personal email services, thereby exposing work devices to malware that is blocked via work emails, as they aren’t protected by corporate email gateway scanners. In addition to this, workers may allow other people than themselves to use their work laptops. The problem becomes worse when employees, rather than being supplied with company devices, are invited to ‘BYOD’ – Bring Your Own Device.
Rather than blaming your employees for breaches that could arise from hybrid working, have security and IT teams educate your hybrid workers about potential hazards that they may encounter and what they should/shouldn’t do. Building their awareness on the significance of security correlates with a proposed theory that Dr Ian Pratt, the Global Head of Security of HP stated. He claims that data security is more geared towards detection, while attention should be placed more on preventing the issue arising in the first place. Ensuring your employees are well equipped and provided with systems that are secure means that the ‘hybrid experience is secure at every endpoint’.
SIGN UP TO OUR NEWSLETTER
We do not sell our lists, and you can easily unsubscribe if you so wish.
Implement a Zero Trust network
A zero-trust network involves securing an organisation by removing the concept of implied trust and constantly requesting individuals to verify/authenticate themselves before accessing company networks. This theory is rooted in the ‘never trust, always verify’ mindset, which enables companies to manage who has access to their networks.
Utilise Multi-Factor Authentication (MFA)
Employing an MFA system has proved to be essential for corporations in order to have a secure network. This system works by utilising two or more authentication factors in order to verify a user’s identity and give them access to a companies system. Using a MFA safeguards businesses from hackers, as it ensures a user is who they really say they are.
Maintain Your Antivirus
In terms of antivirus and computers given to employees, it is imperative that the PCs/Laptops provided to them have up-to-date software, that is regularly updated. This is a preventative measure and another component to further enhance your businesses security, as it ensures that PCs are at a lower risk of becoming infected by a virus.
This point relates back to educating your staff, as it is important to remind your employees of the various ways phishing occurs, and is a good step to lay the foundation of long-term security policies.