The security fundamentals for a hybrid workplace
June 2021 by Mark Skelton, CTO at CANCOM UK&I
Business and employees have all but confirmed that a hybrid working model will become the dominant way of working following the pandemic. Despite a few road bumps, the transition to remote working has been successful, with many businesses beginning to see the potential to regain losses and match their pre-pandemic growth. Similarly, the vast majority of former commuters have embraced the remote working model so strongly that most employees don’t want to go back to the office full time again. The physical workplace is not dead, however, and will play an important part in rebuilding the economy. Office and remote working can and will exist to produce great results, but this will rely on the right IT investments being made at the right times. Namely, it is key that we do not repeat the mistakes that defined IT in 2020, in which rushed digital transformation projects traded the short-term ability to work from home, for long-term infrastructure and cybersecurity issues.
As businesses swiftly responded to lockdown measures and switched employees to a home working dynamic, so too did cyber criminals, who switched tactics to exploit COVID-19-related fears. Working from home quickly became a gateway to new forms of data theft. In a survey of workers from Deloitte, a quarter of respondents noticed an increase in fraudulent emails, spam, and phishing attempts since the beginning of the COVID-19 crisis. Fraudsters are watching behaviours, devising scams to fit perfectly into the ‘new normal’ – from false Microsoft Teams notifications to Royal Mail scams taking advantage of the increase in home parcel deliveries.
Given the speed with which we had to adapt to home working, it could be forgiven that corporate IT infrastructure was inadequate for a short time while people got used to the new way of working. However, those who are lagging behind with their security infrastructure could pay dearly. For those looking to a hybrid workplace model for the future, staff and data security is paramount.
Creating a security strategy involves several elements, one of which is staff education and ongoing training. With 52% of businesses admitting that employees are their biggest weakness in IT security, comprehensive education of the risks out there and how to spot them is an essential building block to a secure IT infrastructure. This training should be regularly updated to represent the changing conditions of the workplace. Cyber criminals will adapt; therefore, so must organisations and employees. Once a cyber defence has been deployed, it’s then crucial to regularly check that the security measures are effective. In 2020 in particular, many solutions were rolled out under significant time pressures and IT staff now need to evaluate these solutions and adjust them if necessary. If businesses now operate with more cloud-based storage, it’s fundamental to check that is this properly managed and protected from attacks. It’s crucial not to forget to validate the security of service providers, suppliers and partners too. After all, supply chain weaknesses can lead to major cyber and data breaches.
‘Going to work’ may never take on quite the same meaning as it did before, and business leaders must remember that there is not a one-size-fits-all approach that will meet every need. The process of hybrid working will require us all to learn and evaluate our own unique goals and challenges. Like all IT investments, this will also mean that strong foundations need to be laid around security and connection, with the entire team being involved in the process.