The global Covid-19 pandemic has caused a massive shift in the way businesses work. Even after all restrictions were lifted, many businesses have continued to operate on a hybrid working basis. After all, once you have invested in changing your infrastructure to allow for remote working, you don’t want to spend more money switching it back to a 100% office environment. Plus, with more and more people demanding flexible working the hybrid model is here to stay. Whilst it has many advantages for businesses, the biggest problem with hybrid working is cyber security.
What is hybrid working?
The hybrid working model sees some or all employees split their time between home and the work environment. The extent of this split and the requirement to come into the office vary from company to company, but in general hybrid working means each person is working on at least two different devices, two internet connections and logging into the systems they need to access from at least two locations. With this in mind, let’s look at why hybrid working increases the risk of cyber attack.
Why does hybrid working increase cyber risks?
Employees use their own devices to carry out their work. From mobile phones to tablets, laptops and desktops, unless your company is providing the hardware, you can expect your team members to use their own devices when working from home. This means they are logging into your company networks and systems via devices and internet connections that may be insecure, giving cyber criminals an easy route to your company data and systems.
Employees are using more third party applications – as much of your workforce collaboration will now be taking place with people in different locations, you can expect to use more third party apps to facilitate communication. If these apps are insecure, or users don’t change the default cyber security settings they could present vulnerabilities.
Remote workers often ignore cyber threats – when away from the work environment and out of the watchful eye of your in-house IT teams, workers may ignore cyber threats, or use their work devices to carry out personal tasks. One of the core ways that cyber criminals can attack and steal your vital data is via phishing emails. In the 2020 Verizon Business Data Breach Investigations Report, it was revealed that phishing and business email compromises made up 67% of all data breaches. Most malware is delivered via links or attachments in phishing emails and unfortunately these attacks are more difficult to spot when people are working outside of the workplace.
What can your business do to mitigate cyber threats whilst following a hybrid working model?
- Use a VPN (Virtual Private Network) to allow remote workers to access your company IT resources. VPNs encrypt data in transit, thus making the process more secure. You just need to ensure your VPNs are always patched and up to date.
- Ensure remote workers use antivirus software to protect their work devices or any home device that will be used for work purposes. Consider providing written guidance or ‘how to’ guides on what you expect from people when they are working from home, as this will not only keep your business secure but also your employees and their personal information.
- Enforce 2FA wherever possible. 2 Factor Authentication, or Multi Factor Authentication (MFA), is a process of having a secondary passcode to login to a system, programme or application. It ensures that the user is the rightful user as in addition to presenting their username and password they will also have to produce a secondary one time passcode from their mobile device or authenticator app.
- Ensure all workers use secure passwords that haven’t been used before and that are updated whenever required. One of the easiest and simplest ways for cyber attackers to strike is by hacking an easy password, particularly if it is used for more than one application, as this gives them multiple ways to access your systems and data.
- Share information with your hybrid workers about the risks of phishing emails, how to spot them and how to report them. The more informed your teams can be, the better equipped they are to spot and prevent a possible attack.
- Offer clear guidance on the use of removable media, such as USB drives, as these can be an easy way to infect work systems with malware that has been initiated from a home computer. Many businesses only allow drives supplied by the organisation to be used, or insist on strict antivirus protection on all work and home devices.
Contact Matrix IT for help securing your hybrid working practices
Matrix IT can help secure your IT networks and business data. Whether your employees work onsite, at home or a part of a hybrid working model we offer a suite of cyber security solutions to protect your business against the latest cyber threats. We’re Cyber Essentials certified and can help your business to achieve and implement Cyber Essentials and Cyber Essentials Plus certifications.
For more information on hybrid working or if you’re interested in any of our other services, please contact us via email or phone us on 01329 888444.