For Cybersecurity Awareness Month, BSI advises cyber caution to organizations exploring new hybrid ways of working
13 October 2021
As Cybersecurity Awareness Month continues, the importance of having secure IT systems and effective cybersecurity practices in place for organizations developing a hybrid working program is thrown into sharp relief.
Over the past eighteen months, many have wondered what the next normal would look like once organizations began allowing employees to return to the office in the post-pandemic era. However, as many societies have successfully begun to manage the spread of COVID-19, it has become the case that where an employee spends their working hours can largely depend on the approach preferred by their employer. For example, tech and telecoms companies have unsurprisingly been found to be more in favour of remote or hybrid working than their counterparts in more traditional sectors such as financial services. Employees are now even beginning to leave their jobs to find an employer willing to allow them to adopt a more flexible approach to working. This trend of wide swathes of the workforce leaving for other opportunities has been dubbed the “Great Resignation” and is becoming more prevalent in countries across the globe. In fact, a recent survey found that over a third of respondents would quit their job if forced to work from an office full-time again.
While remote or hybrid working allows for a better work-life balance and increased productivity levels in many cases, it also adds to the risks and vulnerabilities that organizations must consider when designing and adapting their organization’s cybersecurity measures. Hybrid working has made IT systems and networks even more challenging to secure. For example, in a recent survey conducted by our partners Exonar, over a third (36%) of home workers have downloaded unapproved software onto computers to communicate with colleagues during homeworking. This, combined with the added difficulty of understanding global data governance and compliance laws has substantially increased the number of opportunities for network breaches and security infringements to occur. In fact, less than half (39%) of those working from home claim to have a high level of understanding around their company’s data protection policies.
Even if employees spend only half of their working hours in their home offices moving forward, it presents a situation ripe with serious cybersecurity issues. Organizations adopting such hybrid models should be continuously monitoring and analyzing systems for vulnerabilities to ensure that none of a network’s components fall behind on patching and update management. Moreover, if employees are bringing their own devices into the office after using them when working at home, organizations will need to consider the reduced state of security that characterizes most home networks and devices. Systems will need to be devised for device testing and sanitization procedures should be established before allowing unvetted devices to access a corporate network. As well as testing their devices, organizations should be testing their employees too – phishing attacks remain an easy route into corporate networks which makes employee awareness training pivotal in helping employees to spot these attacks and other types of malicious cyber activities that could potentially lead to ransomware attacks, data breaches and system failures within their organization.
The move to hybrid ways of working is not the only reason organizations now need to adopt more robust cybersecurity strategies. The frequency, severity and sophistication of cyber-attacks have all increased substantially since the beginning of the pandemic. Given today’s cyber threat landscape and the emergence of new technologies, it is imperative that organizations have the correct protocols, policies and procedures in place to keep their information safe, data secure, infrastructure robust and ultimately, make them resilient. BSI is at the cornerstone of shaping such resilience, sharing and embedding best practice for organizations across the globe.
“With more than 20 years of expertise in cybersecurity, data privacy and business resilience consultancy, I’ve seen many different ways in which a weak approach to cybersecurity leads to difficulties and disruption, and most of these situations have stemmed from a lack of awareness,” says Mark Brown, Managing Director - Cybersecurity and Information Resilience at BSI.
“The advantages of working from home are just as appreciated by those looking to take advantage of a lack of cybersecurity in personal office environments. Educating the people that make up corporations is ultimately the best course of action and has become so much more important due to these new working models. That’s why we’re increasing what we can offer for organizations that work in this hybrid way, and why introducing and educating through our expansive portfolio of cybersecurity and information resilience services is so crucial.”
The new hybrid working model has many benefits and moving back to a full five day office-based work environment so soon post-pandemic certainly has its potential pitfalls. But with the right contingencies and fail-safes, new approaches to hybrid ways of working can become a more effective and more secure way of working for organization’s looking to the future. BSI's Consulting Services for Cybersecurity and Information Resilience is specifically tasked with providing cyber risk advisory and security testing services to clients, looking at areas like data privacy, compliance and governance, as well as niche capabilities such as e-discovery, and e-forensics. In addition to these core services, a large number of new and enhanced services directed at overcoming the threat involved with emerging technologies such as Artificial Intelligence, Machine Learning, 5G, Blockchain, Industrial security are also offered by BSI, including but not limited to OT and IoT security, penetration testing technology arenas such as infrastructure, network application, attack simulation and red teaming exercises.