Hybrid Working: how has the new work model impacted cybersecurity? 

Over the last 2 years, businesses have had to move fast to adapt to the pressures of the pandemic; one of the primary developments we’ve witnessed has been an increased shift towards hybrid working. Hybrid working is a more flexible working arrangement, in which employees split their work time between the office and home.  

As highlighted by Microsoft at the close of 2021, data showed that 81% of enterprise organisations had begun the move toward a hybrid workplace. With such a significant shift toward the hybrid work model, it’s essential for businesses to understand the cybersecurity implications of remote working and the ways in which you can protect your business interests.  

Security Implications  

Whilst hybrid working can provide a number of benefits to businesses – such as a more diverse employee pool, increased productivity, greater flexibility, and boosted wellbeing – it can also provide more cybersecurity concerns to your IT team. Here we’ve highlighted some of the primary concerns you should be aware of when implementing a hybrid work environment:

• Unsecured Networks: there are two primary threats posed by unsecured networks – public network use, and unsecured home WIFI. Remote working staff may attempt to access company and cloud servers via public networks, this provides ample access opportunities to cybercriminals. Similarly, unsecured home WIFI networks don’t provide adequate security to protect your company’s data when employees access your servers – at minimum home WIFI networks must be password protected. There has been a noted rise in cyber-attacks on cloud services and VPN gateways. 

• Device usage: again there are two primary threats associated with device usage – personal device use, and lost equipment. Thanks to the mobility of modern technology, it’s proved much easier for employees to work flexibly from remote locations, however, this increases the risk of lost work devices in public spaces. Lost devices pose a threat as they can easily fall into the wrong hands, compromising your company’s data. Personal devices can cause an issue as they are not easily monitored by company admins; whereas work devices can come pre-installed with corporate software that enables admins to wipe lost or compromised devices, personal equipment does not. This means that if a device does fall into criminal hands, it is out of the safety net provided by your company’s security software.  

• Targeted criminal attacks: when working from home, employees can be more distracted than when working from the office, this makes them much more susceptible to targeted attacks such as ransomware and phishing scams. Employees must be aware of personal cyber security and how their online, digital, and IT-related behaviour can create vulnerabilities for their employer. This issue can be enhanced by lacklustre patching – often employees frequently neglect to patch system updates as they underestimate the vulnerabilities of an outdated system!  

Security Solutions  

Businesses can implement what Microsoft have termed the ‘Zero Trust’ approach, based on minimising privileged access, increasing explicit verification, and assuming breach to minimise attacks. Microsoft specifies that the minimum number of users necessary should have admin access to sensitive data, also suggesting businesses verify end-to-end encryption in tandem with analytics to drive threat detection and improve defences. With a robust security plan in place, your business is less susceptible to attack and more prepared to rectify issues in the case of a breach.  

Businesses can also minimise threat risk by providing employees with VPN access, and put in place strict policies surrounding personal device usage. Many enterprises have opted to provide employees with work devices, preventing the mix-up of personal and corporate equipment.  

Arguably one of the most effective preventive cybersecurity measures is providing users with expert-led cybersecurity training. At Fitzrovia IT, we are able to provide security training, simulate phishing attacks and assess organisations’ overall user awareness. Simulated attacks provide an excellent method of preventative action, assessing which users are susceptible to future attacks and providing them with the tools to recognise and report similar incidents in the future. With awareness, employees can minimise attempted breaches, and thus protect your business and your client’s data.  

Going Forward  

It’s clear to see how hybrid working practices can benefit an enterprise, but how they can also provide security concerns for IT specialists. Employees must be made aware of the increased threat level induced by home working – and take adequate steps to protect themselves and their employer.  

If you want to bring in our IT experts to provide cybersecurity training to your team, or if you want to further discuss the implications of hybrid working, contact one of our team today.