BSI advises cyber caution to organisations exploring new hybrid ways of working, during Cybersecurity Awareness Month

With Cybersecurity Month in full swing, the importance of having secure IT systems and effective cyber security practices in place for organisations developing a hybrid working programme has been brought to the attention of security professionals. 

Over the past 18 months, many have wondered what the next normal would look like once organisations began allowing employees to return to the office in the post-pandemic era. However, as many societies have successfully begun to manage the spread of COVID-19, where an employee spends their working hours can largely depend on the approach preferred by their employer.

For example, tech and telecoms companies have been found to be more in favour of remote or hybrid working than their counterparts in more traditional sectors such as financial services. Employees are now even beginning to leave their jobs to find an employer willing to allow them to adopt a more flexible approach to working. This trend has been dubbed the ‘Great Resignation’, and is becoming more prevalent in countries across the globe. In fact, a recent survey found that over a third of respondents would quit their job if forced to work from an office full-time again.

While remote or hybrid working allows for a better work-life balance and increased productivity levels in many cases, it also adds to the risks and vulnerabilities that organisations must consider when designing and adapting cybersecurity measures.

Hybrid working has made IT systems and networks even more challenging to secure.

A recent survey conducted by Exonar found that, over a third (36%) of home workers have downloaded unapproved software onto computers to communicate with colleagues during homeworking. This, combined with the added difficulty of understanding global data governance and compliance laws, has substantially increased the number of opportunities for network breaches and security infringements to occur. In fact, less than half (39%) of those working from home claim to have a high level of understanding around their company’s data protection policies.

Even if employees spend only half of their working hours in their home offices moving forward, it presents a situation ripe with serious cyber security issues. Organisations adopting such hybrid models should be continuously monitoring and analysing systems for vulnerabilities to ensure that none of a network’s components fall behind on patching and update management.

READ: A pandemic and remote working: Cyber security under the microscope

Moreover, if employees are bringing their own devices into the office after using them when working at home, organisations will need to consider the reduced state of security that characterises most home networks and devices. Systems will need to be devised for device testing, and sanitisation procedures should be established before allowing unvetted devices to access a corporate network. As well as testing their devices, organisations should be testing their employees too – phishing attacks remain an easy route into corporate networks which makes employee awareness training pivotal in helping employees to spot these attacks and other types of malicious cyber activities that could potentially lead to ransomware attacks, data breaches and system failures within their organisation.

The move to hybrid ways of working is not the only reason organisations now need to adopt more robust cyber security strategies.

The frequency, severity and sophistication of cyber-attacks have all increased substantially since the beginning of the pandemic. Given today’s cyber threat landscape and the emergence of new technologies, it is imperative that organisations have the correct protocols, policies and procedures in place to keep information safe, data secure, infrastructure robust and ultimately, make them resilient.

“With more than 20 years of expertise in cybersecurity, data privacy and business resilience consultancy, I’ve seen many different ways in which a weak approach to cybersecurity leads to difficulties and disruption, and most of these situations have stemmed from a lack of awareness,” says Mark Brown, Managing Director – Cybersecurity and Information Resilience at BSI.

“The advantages of working from home are just as appreciated by those looking to take advantage of a lack of cybersecurity in personal office environments. Educating the people that make up corporations is ultimately the best course of action and has become so much more important due to these new working models. That’s why we’re increasing what we can offer for organisations that work in this hybrid way, and why introducing and educating through our expansive portfolio of cybersecurity and information resilience services is so crucial.”

‘Secure by Default’ in the Age of Converged Security: Insights from IFSEC 2019

From data security to the risks and opportunities of artificial intelligence, the conversations at IFSEC International shape future security strategies and best practices. This eBook brings you exclusive insights from these conversations, covering:

• A Global Political and Security Outlook from Frank Gardner OBE
• Surveillance Camera Day: Tony Porter launches ‘Secure by Default’ requirements for video surveillance systems
• Using Drones to Secure the Future
• Autonomous Cars and AI: Relocating human incompetence from drivers to security engineers?
• The Ethical and Geopolitical Implications of AI and Machine Learning

Get your copy