Before the pandemic, less than 30% of people in the UK had ever worked remotely. In April 2020, nearly half of UK employees worked at home.
Looking ahead, a wholesale return to office working is now out of the question.
Research by the Adecco Group UK&I found that 74% of employees believe a mix of office-based and remote working is the best way forward after Covid-19.
Hybrid working is the future.
So what does this mean for cybersecurity?
Increased cyber risk
Remote working can increase cyber risk.
Recent research from Netwrix found 60% of IT professionals identified new security gaps as a result of the transition to remote work in 2020. 63% reported an increase in the frequency of cyberattacks.
85% of CISOs said they had sacrificed cyber security to enable employees to work from home.
Why does remote working pose such a heightened risk?
Home working environment
When people work remotely, companies no longer control their working environment. This gives rise to several vulnerabilities:
1. Insecure home networks.
Home Wi-Fi networks can be insecure. Also, home networks are often connected to other devices. Links to Internet of Things (IoT) devices, for example, increase susceptibility to threats.
2. Personal device use.
Use of personal devices for work can expose businesses to pre-existing malware. Personal devices might also be shared with others, putting data at risk.
3. Isolation from colleagues.
Away from the office, employees have less face-to-face contact with their colleagues. This can make email scams more effective. In particular, criminals impersonating a company employee are more likely to succeed. Isolation also prevents colleagues from learning good security behaviours from each other.
These vulnerabilities linked with remote working increase cyber risk. At the same time, IT and security teams are under more pressure. Their time and resources are stretched more than usual. Problems are more disparate and harder to fix remotely.
Cyber security measures designed for office environments no longer work. A fresh approach is required to suit new working patterns.
Technology is part of the solution. Setting up secure remote access is key. IT teams can use virtual desktop infrastructure (VDI) to manage user desktops centrally. Identity and access management (IAM) technology can regulate access to resources.
But technology can only do so much to make hybrid working safe.
People and their behaviour remain central to cyber security. To reduce risks linked with hybrid working, improving security behaviour is key.
Companies can help by updating policies to reflect the new working environment. They can provide clear guidelines on the use of personal devices, for example.
But people can also learn to identify and act upon security risks themselves.
Traditional security awareness training tries to help people do this. But it often fails. And it certainly isn’t much use when employees are scattered far and wide.
Enter borderless security awareness, a new type of security awareness for remote workers. It’s interactive. It’s behaviour focused. And it engages with people as and when they need help.
Borderless security is the new approach required for the changing world of work. With this approach, people become a defence rather than a weakness.
Hybrid working need not be a headache for IT professionals. It’s all about having the right support and the right tools. With these in place, employees can enjoy greater flexibility at work without increasing cyber risk.