Cyber Security and Hybrid Working

Although there are Big Tech CEOs (Rushe, 2022) and Conservative ex-ministers (Ambrose, 2022) who do not like their subordinates working from home, or even sleeping at home (Clayton & Derico, 2022) – either for reasons of efficiency or wanting them to buy coffee for the sake of the economy – many employees are voting with their feet and choosing jobs with hybrid working.

47% of employees say they would likely leave their job if it didn’t offer a hybrid work model once the pandemic ends

Jillian Smith – Envoy Survey (Smith, 2021)

There are benefits for both the employer and the employee – less commuting, better work-life balance, lower utility costs at smaller offices and happier staff, to name but a few on both sides (Kirkham, 2022).

Of course, because we are interested in cyber security, we are going to look at some of the downsides of hybrid and remote working and think about some fixes for the issues.

You still need to be responsible for hybrid working cyber security – first step a VPN

VPNs – virtual private networks – I have written about these before and here are the links:

Do you have a “work from anywhere” policy? We’ll start with a VPN.

More about VPNs

To get this done either buy a service in – I have used CyberGhost for many years and I am very happy with the privacy and security it offers – or set your own up (if you need help with that get in contact with us). I use both.

Next step – multi-factor authentication (MFA)

Make sure multi-factor authentication is enforced on any systems used for hybrid working, and I do mean check. We have found client staff who had MFA set up and then disabled it later. If a system does not offer MFA then enforce a strong password policy (and check). One question though – why doesn’t that service have MFA and why are you still using it as part of your hybrid working? Have you examined the risks and benefits and other providers?

Something you know, something you have or something you are.
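One way to do the "and I do mean check" step, as an added example that is not from the original article: compare two exports of account MFA status taken at different times and flag accounts where MFA was switched off in between. The CSV layout, column names and sample accounts are constructed for illustration; adapt the loader to whatever your identity provider actually exports.

```python
import csv
import io

# Constructed sample exports (hypothetical format: user,service,mfa_enabled).
SNAPSHOT_EARLIER = """user,service,mfa_enabled
alice,email,true
bob,email,true
carol,email,false
alice,crm,true
"""

SNAPSHOT_LATER = """user,service,mfa_enabled
alice,email,true
bob,email,false
carol,email,false
alice,crm,true
dave,email,false
"""


def load(snapshot_text):
    """Return {(user, service): mfa_enabled} from a CSV export."""
    rows = csv.DictReader(io.StringIO(snapshot_text))
    return {
        (r["user"].strip().lower(), r["service"].strip().lower()):
            r["mfa_enabled"].strip().lower() == "true"
        for r in rows
    }


def audit_mfa(earlier_text, later_text):
    """Classify every account in the later snapshot that lacks MFA."""
    earlier, later = load(earlier_text), load(later_text)
    findings = {"disabled_since_last_check": [], "never_enabled": [],
                "new_without_mfa": []}
    for account, enabled in sorted(later.items()):
        if enabled:
            continue
        if account not in earlier:
            findings["new_without_mfa"].append(account)
        elif earlier[account]:
            # MFA was on at the last check and has since been turned off.
            findings["disabled_since_last_check"].append(account)
        else:
            findings["never_enabled"].append(account)
    return findings


if __name__ == "__main__":
    for category, accounts in audit_mfa(SNAPSHOT_EARLIER, SNAPSHOT_LATER).items():
        for user, service in accounts:
            print(f"{category}: {user} on {service}")
```

Run on a schedule, the "disabled_since_last_check" list is the one to follow up first, since those are the people who had MFA and removed it.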

Remember the risks of phishing and social engineering cyber attacks

Lone workers at home are ideal targets of opportunity for email and text phishing attacks. Awareness training about these and other types of cyber security attacks and risks is essential if your organisation is to remain secure.

Why Should I Bother with Cyber Security Training for My Team?

When your technical cyber security fails you…

Sharing

This follows on nicely from the previous point. Do not make the life of a hacker easier by oversharing on social media and other public platforms. Be mindful of what you say – wishing the CEO a happy holiday on “Twitinstaface” will not make you employee of the month but may encourage a hacker to try a bit of BEC (business email compromise). More on that here:

Why I do not like “Meet the Team” web pages

The Out-Of-Office Email and How It Compromises Your Organisation’s Cyber Security

More steps…

Be vigilant. Use monitoring and reporting systems.

Use the principle of least privilege.

Encourage your people (wherever they work) to report anything suspicious.

Do not run a “blame culture” – that will always help the threat actors and undo any training.

I have only covered the highlights here; the next steps are up to you and your cyber security team or consultants. To be effective, whatever hybrid cyber security you put in place has to complement that which you already have in other parts of your business and also be workable by your staff.


Clive Catton MSc (Cyber Security) – by-line and other articles

Please Note: I have a number of commitments running up into the New Year so there will only be posts on Thursdays until 2023.

References

Ambrose, T. (2022). Jacob Rees-Mogg says civil servants must return to the Office. The Guardian. Retrieved December 7, 2022, from https://www.theguardian.com/politics/2022/apr/19/jacob-rees-mogg-says-civil-servants-must-return-to-the-office

Clayton, J., & Derico, B. (2022). Elon Musk turns Twitter into ‘hotel’ for staff. BBC News. Retrieved December 8, 2022, from https://www.bbc.co.uk/news/technology-63897608

Kirkham, A. (2022). What is hybrid work and why do employees want it? Envoy. Retrieved December 7, 2022, from https://envoy.com/blog/what-is-a-hybrid-work-model/

Rushe, D. (2022, June 1). Elon Musk tells employees to return to office or ‘pretend to work’ elsewhere. The Guardian. Retrieved December 7, 2022, from https://www.theguardian.com/technology/2022/jun/01/elon-musk-return-to-office-pretend-to-work-somewhere-else

Smith, J. (2021). Envoy survey finds employees want companies to embrace hybrid work, mandate covid vaccines. Envoy. Retrieved December 7, 2022, from https://envoy.com/blog/envoy-survey-finds-employees-want-companies-to-embrace-hybrid-work-and-mandate-covid-vaccines/

Further Reading

The Impact of Remote and Hybrid Working on Workers and Organisations (UK Parliament Report)

The Rise of Hybrid Working in the UK – HR News

You Still Need Great Cyber Security Even When You Are Working Anywhere