Hybrid working security risks

It turns out that many businesses and offices can still operate when employees are working from home. Cue employees shouting from the rooftops, “We told you so!”.

Now, just as companies have thoroughly smoothed over remote working logistics and employees have switched to a new routine, restrictions are lifted and working from the office is an option once again.

But companies have now realised the answer to the new situation isn’t black or white, it’s grey. The best of both worlds. A more flexible model of working. A hybrid of working in the office and working from home.

However, a hybrid approach brings a greater reliance on technology, which increases your company’s risk of cyber security vulnerabilities.

What is hybrid working?

What does hybrid working mean?

Defining hybrid working is a more flexible working arrangement, where an employee can split their time between the company workplace and working remotely.

Although flexible work practices were driven by the COVID-19 pandemic, even before the pandemic there was a growing demand for, and trend towards, more flexible working.

And there are plenty of reasons why hybrid working works well, for both the employee and the employer.

Benefits of hybrid working.

Let’s take an overview of just some of the benefits.

Hire from a wider pool of talent.

This is a key benefit for employers. You can attract and retain a more diverse workforce with the offer of hybrid working. High-calibre potential employees who live outside your usual catchment area are more likely to consider working for you if there’s flexible working available. Equally, you’re more likely to retain your valued staff if there’s a positive work-life balance on offer.

Improved collaboration.

Ironically, many companies find that a hybrid approach improves collaboration. Schedules can be planned to make the most of any face-to-face days at the office, and that collaborative time is valued more and spent more productively. Then, when deep concentration is required, employees can work remotely.

Staff satisfaction and wellbeing boosted.

Having a sense of freedom and responsibility about how and where employees work can help increase job satisfaction.

Having the flexibility to pick the kids up from school, go for a gym session or run at lunchtime, potter in the garden for a break. That feeling of responsibility, freedom, control and possibilities can increase employee happiness, improve wellbeing, reduce staff turnover and create a more driven and loyal workforce.

Increase productivity.

Some people thrive when working from home. Fewer office distractions and ad-hoc requests mean their productivity increases. However, for some, working at home can be equally distracting. Or they may need the structure of a formal working environment to produce their best work.

Hybrid working can meet the needs of both camps. There’s the option to work from home or go into the office as the employees and employers see fit.

Cyber risks in hybrid work environments.

However, although hybrid working presents many benefits, working from home means a greater reliance on technology. This, in turn, means there are some significant cyber security challenges to overcome.

Remote connectivity and infrastructure

To enable hybrid working, companies often rely on cloud technology and remote connectivity via VPN. Hackers know this. Hence the huge rise in cyber attacks on cloud services, VPN gateways and Windows RDP (Remote Desktop Protocol).

Public networks are more vulnerable.

Remote work security risks happen when staff may be accessing company servers or cloud technology over public networks. This opens up opportunities and vulnerabilities for cyber criminals to exploit.

Reliance on employees.

With hybrid working comes increase reliance on employees. Workers need to take more responsibility for their own cyber security. For example, strong passwords, maintaining version updates and handling sensitive information. They need to be more aware of cyber security and how their online, digital, mobile and IT-related behaviour can create vulnerabilities. Data shows that the number of phishing websites and activities has increased, especially via social media, as have ransomware attacks. This kind of cyber crime activity relies on user behaviour.

Home networks and devices.

Employees are moving between the relatively safe haven of secure office networks, firewalls, network monitoring, software patches, security policies, etc., and their potentially vulnerable home Wi-Fi networks, personal devices, weak passwords, lack of antivirus software, unsecured mobile devices, outdated equipment, unauthorized software and more.

Managing cyber risk in hybrid workplaces.

Yes, there are IT security management risks to hybrid working. But these can be managed through a mix of technical security controls and user behaviour training.

Develop security awareness.

Employers must enable their workers to become the first line of defence against cyber crime.

Employers need to educate, train and support their staff, making them fully aware of how their digital behaviour can affect company security. The security training and best practices put in place will help create a security-orientated culture, where working and behaving securely becomes second nature.

Invest in the right technology.

Simple(ish). Invest in a company VPN (virtual private network). This can be used (alongside RDP) to secure your communication channels between remote workers and the office. It’s like a secure data pipeline into selected areas of the office network. This allows the employees to access company data or particular machines or devices, all in a more secure way.

Implement a proactive security protection system.

Buying work-from-home hardware for employees can give an IT department more security control over remote working. They can more easily ensure all security and software updates are carried out regularly.

Also, consider…

-          increasing network monitoring activities

-          increasing penetration testing

-          incorporating a zero-trust model to control user authentication, identity management and access privileges, etc.

-          reviewing data backup and recovery protocols so if there is, for example, a ransomware attack, data can quickly be recovered.

What next?

Hybrid working, although a relatively recently evolved model of working, is here to stay. This makes it essential for businesses to ensure their cyber security processes are suitable for this new way of working.

There are plenty of benefits to hybrid working. But there are plenty of risks too. These can be handled with well-planned cyber security that mixes technical strategies and employee behaviour, awareness and training.

If you have any cyber security requirements, challenges or questions just give BlueFort Security a call on 01252 917000, email enquiries@bluefortm.com or use our contact form.