Hybrid Working and the Increased Risk of Cyber Attack
M-Tech Systems Ltd
Delivering innovative technology, dynamic security, forward-thinking managed services and agile solutions for 20+ years
Since 2020, many organisations across the UK have adopted a hybrid working model. Following the government mandate to work from home during the COVID-19 pandemic, numerous businesses adapted their technology overnight. This sudden change demonstrated that many office-based roles could be successfully performed elsewhere.
A hybrid working approach brings with it a greater reliance on technology; however, this increases a company’s risk of cyber security vulnerabilities. As hybrid working is now a normal working style, valid concerns have been raised around how secure this model is.
What does hybrid working really mean?
Hybrid working is a mix between office and remote working. There are plenty of reasons why this model works well for both companies and employees.
Even before COVID-19 hit there was a growing increase in employees working more flexibly. Two years into the pandemic, and arguably on the other side of it in the UK, the trend has spread and looks like it’s here to stay. The contrast to office working doesn’t have to mean working from home either, it can mean working wherever works best for that employee. This forms an added security consideration as location therefore become a variable, not a constant.
Online security fears have increased with hybrid working styles
In a poll of 1,000 UK firms, more than half believe remote working has left them open to cyber attacks. Within this research by the?British Chambers of Commerce?and Cisco, “Four out of five firms said they did not currently have accredited cyber-security measures in place to protect against attacks.”
These survey results are similar in nature to the UK Government’s?Cyber Security Breaches Survey 2021, where, “Four in ten businesses (39%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months.”
The benefits of hybrid working
Hybrid working has been widely discussed in many formats, so we won’t cover the topic in much detail here. In short, businesses can save on office costs and employees can save on transport costs. There are of course many more complexities, including:
Hybrid working should meet the needs of both parties; it’s flexible and adaptive, meaning there is no one-size fits all.
The cyber risks of hybrid working
While hybrid working has many upsides, it also comes with added risk from the increased dependence on technology. We’ve detailed some of the vulnerable areas below.
Organisations are often reliant on cloud hosted services or remote connectivity via VPN. These services are essential to enable hybrid working. Hackers know this, which has led to targeted cyber attacks on cloud services and VPN gateways, etc.
Remote employees aren’t always limited to what network they can work from. Some staff may be accessing company servers over public networks with unknown security. Cyber criminals can then target and exploit these networks.
Hybrid working relies heavily on employees. They need to become more aware, vigilant and hold greater responsibility for their own cyber security. Workers should use strong passwords, maintain version updates and think about where and how they’re accessing or sharing sensitive information. Staff security awareness is essential and explained further?in this blog post. Certain cyber crimes rely on user behaviour, so by educating the users you can make best attempts to alleviate this.
领英推荐
Create strong policies to counteract attack points. Employees are moving between highly guarded office networks, firewalls and connectivity to their unsecured home networks, personal devices, weak passwords, old equipment, illegitimate software and lack of antivirus.
Cyber security measure for hybrid workplaces
Yes, there are plenty of cyber security risks involved with hybrid working but these can be managed. Here are a few things to think about when considering going hybrid.
Help your employees to become the first line of defence. Employers need to educate, train and support their staff. If the company has a security-orientated culture, acting securely can become second nature. Staff will be fully aware of how their behaviour can affect company security. See our?4 Tips for Building a Positive Cyber Security Culture.
Control the way employee devices are used with software. Keep your organisation’s data protected and isolated from personal data.
Multi-Factor Authentication?(MFA, also known as two-factor authentication) identifies an online user by validating two or more claims presented by the user, from different categories of validation. This process adds an extra layer of security to the login process.
Endpoint security provides protection against emerging cyber threats for your organisation’s PCs and laptops, no matter their location. Advancing this, Unified Threat Management (UTM) is a single security solution which includes the essentials of endpoint and device protection (your typical anti-malware solution), content filtering and web filtering. UTM is part of our?Top 9 IT Security Must-Haves for 2022.
The ‘zero-trust’ model recognises trust as a vulnerability. It aims to enable the right person to have immediate access to the resources they need, while eliminating the risks of unauthorised access.
Review your policies and protocols to ensure your data can be quickly recovered and operations resume if there is, for example, a successful phishing attack.
Keep your hybrid business operations secure
Although it’s a relatively recent working style, the hybrid model does look like it’s here to stay. It is essential you review your policies and tools to ensure they’re suitable. The benefits can outweigh the risks if you have a well-planned cyber security strategy, combined with awareness training.
The list above is an overview and not extensive. We’d be happy to discuss a full range of security options with you in detail. If you have any cyber security requirements, challenges or questions just?get in touch with M-Tech here.