Brian Sims
Editor
WITH CYBER Security Awareness Month now upon us, the importance of having secure IT systems and effective cyber security practices in place for those organisations developing a hybrid working programme is, according to the British Standards Institution (BSI), “thrown into sharp relief”.
Over the past 18 months, many businesses have wondered what the ‘new normal’ would look like once organisations began allowing employees to return to the office in the post-pandemic era. As many societies have successfully begun to manage the spread of COVID-19, precisely where an employee spends their working hours can largely depend on the approach preferred by their employer.
For example, tech and telecoms companies have – somewhat unsurprisingly – been found to be more in favour of remote or hybrid working than their counterparts in more traditional sectors such as financial services. Employees are now even beginning to leave their jobs to find an employer who’s willing to allow them to adopt a more flexible approach to working life.
This trend of wide swathes of the workforce leaving for other opportunities has been dubbed the ‘Great Resignation’ and is becoming more prevalent in countries across the globe. In fact, a recent survey found that over 33% of respondents would quit their job if they were to be forced to work from an office on a full-time basis once again.
Adding to the risk
While in many cases remote or hybrid working allows for a better work-life balance and increased productivity levels, it also adds to the risks and vulnerabilities that organisations must consider when designing and adapting their cyber security measures.
Hybrid working has made IT systems and networks even more challenging to secure. For example, in a study conducted by Exonar, 36% of home workers stated that they’ve downloaded unapproved software to computers in order to communicate with colleagues during homeworking. Combined with the added difficulty of understanding global data governance and compliance laws, this has substantially increased the number of opportunities for network breaches and security infringements to occur.
In fact, less than half (39%) of those working from home claim to have a high level of understanding around the data protection policies adopted by their present employer.
Even if employees spend only half of their working hours in their home offices moving forward, it presents a situation ripe with serious cyber security issues.
Monitoring for vulnerabilities
Organisations adopting such hybrid models should be continuously monitoring and analysing systems for vulnerabilities to ensure that no element of a network’s components falls behind on patching and update management.
Moreover, if employees are bringing their own devices into the office after using them when working at home, organisations will need to consider the reduced state of security that characterises most home networks and devices. Systems will need to be devised for device testing, while bespoke sanitisation procedures should be established before allowing unvetted devices to access a corporate network.
As well as testing their devices, organisations should also be testing their employees. Phishing attacks remain an easy route into corporate networks, which makes employee awareness training pivotal in helping those employees to spot these attacks and other types of malicious cyber activity that could potentially lead to ransomware attacks, data breaches and system failures within the host business.
The move to hybrid ways of working is not the only reason organisations now need to adopt more robust cyber security strategies. The frequency, severity and sophistication of cyber attacks have all increased substantially since the beginning of the pandemic. Given today’s cyber threat landscape and the emergence of new technologies, it’s imperative that organisations have the correct protocols, policies and procedures in place to keep their information safe, their data secure, their infrastructure robust and, ultimately, to make them resilient.
Difficulties and disruption
“I’ve seen many different ways in which a weak approach to cyber security leads to difficulties and disruption,” explained Mark Brown, managing director of cyber security and information resilience at the BSI. “Most of these situations have stemmed from a lack of awareness.”
Brown went on to comment: “The advantages of working from home are just as appreciated by those looking to take advantage of a lack of cyber security in personal office environments. Educating the people that make up corporations is ultimately the best course of action and has become so much more important due to these new working models. That’s why we’re increasing what we can offer for organisations who’ve determined to work in this hybrid way, and why we firmly believe that introducing and educating through our expansive portfolio of cyber security and information resilience services is so crucial.”
More effective, more secure
The new hybrid working model has many benefits. Moving back to a full five-day, office-based working environment so soon in a post-pandemic environment certainly has its potential pitfalls, but with the right contingencies and fail-safes in place, new approaches to hybrid ways of working can become a more effective and secure way of working for organisations looking to the future.
The BSI’s Consulting Services for Cyber Security and Information Resilience is specifically tasked with providing cyber risk advisory and security testing services for clients, looking at areas including data privacy, compliance and governance as well as niche capabilities like e-discovery and e-forensics.
In addition to these core services, a large number of new and enhanced services are also offered, directed at overcoming the threat involved with emerging technologies such as Artificial Intelligence, machine learning, 5G, Blockchain and industrial security. These include (but are not limited to) OT and Internet of Things security, penetration testing in technology arenas such as infrastructure, network application, attack simulation and red teaming exercises.