
Hybrid working and cyber

by Mark Rowe

In 2021, during the first lockdown, 60 per cent of UK employees worked remotely. Now, with offices reopening, many businesses are struggling to balance supporting employees who want to keep working remotely with encouraging staff to come into the office a couple of days a week, writes Rodolphe Harand, VP of Sales at YesWeHack, which offers bug-finding bounties.

According to a recent YouGov poll, the British worker has spoken and favours having the opportunity to work remotely intermittently rather than an all-or-nothing approach. As such, companies across the UK are choosing to adopt a hybrid working approach to benefit from more productive and happy employees and an expanded talent pool.

However, with hybrid working becoming the norm, new pressures have been placed on business leaders to achieve a balance between providing employees with increased workplace flexibility while contending with a host of new security issues.

These complexities are falling onto IT teams to address. Below, we look at some of the cybersecurity challenges that hybrid working presents.

The challenge of using public networks

Safeguarding corporate networks has always been a high priority for IT teams. However, with the pandemic accelerating the number of employees choosing to work remotely, IT teams' concerns around secure connections have intensified, particularly as more employees are likely to be using unsecured public Wi-Fi networks in places such as coffee shops, hotel lobbies and libraries.

While this increased flexibility is great for employee wellbeing, organisations have little visibility of the security standards of these public networks and therefore little control over the security measures needed to safeguard confidential assets. Cybercriminals are taking this as an opportunity to set up their own routers in public places so that, once an employee is connected, they can infiltrate that employee’s communications and gain unfiltered access to their device and, in turn, corporate assets.

As a result, breaching a public network is a far easier task for hackers than intercepting a well-protected company network. Think of it as a criminal having multiple doors to breach the frontier, rather than one reinforced front door. The recommended solution to tackling this problem is to mandate that employees use a Virtual Private Network (VPN). Using VPNs before signing onto a public network not only encrypts the employee’s internet traffic but also flags any infractions on the corporate network.

Social engineering attacks

Last year we saw an 85 per cent increase in online fraud, according to a report by software company Arkose Labs. The pandemic has further contributed to this by increasing the volume of social engineering attacks, which encompass acts in which hackers exploit human behaviour to trick individuals into sharing sensitive data.

Phishing is a common example of this. Phishing is when an individual receives an email supposedly from the company’s IT security team, asking them to share sensitive details such as passwords. Working remotely increases the likelihood of being susceptible to social engineering attacks as they rely heavily on human error and manipulation.

Hybrid working is also increasing employees’ reliance on digital communications. This is a factor contributing to employees’ increased susceptibility. For example, a new employee, who has been on-boarded remotely, is less likely to be able to identify legitimate correspondence coming from internal teams and more prone to a cybercriminal’s phishing email.

While anti-spam filters are a good place to start, the key for IT teams looking to protect their employees from social engineering attacks is enacting cybersecurity policies and standards of behaviour for all staff to follow, even when working remotely. This includes ensuring employees feel comfortable querying the source of an email, questioning irregularities and taking their time to check on communications they are unsure about.

Poor hygiene

Another major factor businesses should consider when designing their hybrid working strategy is the behavioural difference between employees based in the office and those working at home. Employees are more inclined to engage in risky online activity when working remotely as they don’t feel as if they are being regularly monitored by the IT department. As a result, cybersecurity measures put in place for the protection of employees are less likely to be adhered to.

When it comes to cybersecurity, your employees are a crucial factor in securing your network and should always be the first line of defence. For this reason, organisations must ensure they are continuously investing in cyber awareness training while also providing the tools that support secure remote working.

No matter how advanced your cybersecurity tools are, if the right training is not provided to your employees, your defences are already less effective than they should be.

As hybrid working becomes increasingly established as the new normal, IT security teams must rise to the challenge of preventing and combating the associated security implications from a distance. In the end, strong cyber resilience equates to strong business resilience.


© 2024 Professional Security Magazine. All rights reserved.
