Hybrid working is here to stay
According to a recent McKinsey survey, 90% of organisations intend to shift to a hybrid working model after the pandemic.¹
However, Tessian’s Back to Work Security Behaviors Report found that more than a third of employees have picked up bad security habits while working from home during the pandemic.²
Whether your staff are working in the office, at home, in shared working spaces or anywhere else, you need to manage their security risks.
This is especially important when it comes to maintaining your compliance with data protection law. If you breach the UK DPA (Data Protection Act) 2018, UK GDPR (General Data Protection Act) or EU GDPR, you could face fines of up to £17.5 million (under the DPA 2018 and UK GDPR), €20 million (under the EU GDPR) or 4% of your annual global turnover – whichever is greater.
Regulators such as the ICO (Information Commissioner’s Office) made allowances for the pressure the pandemic put organisations under. Now that restrictions are lifting, however, they will be less lenient, so it is essential to put the necessary security measures in place if you are making hybrid working permanent.
If your organisation is yet to consider the security practicalities of mixing on-site and remote working, we can provide all the support you need.
How to stay secure with a dispersed workforce
Security risks associated with staff working away from the office include:
Most malware is delivered via malicious attachments or links in phishing emails. Unfortunately, remote working makes it harder to spot phishing attacks.³
BYOD (bring your own device)
If staff use their own devices, you have little to no control over how they are configured, potentially putting your corporate network at risk the next time the device connects to it.
Whether staff use their own or work devices, they need to keep them secure. This includes physical security as well as keeping antivirus and anti-malware software up to date.
Wi-Fi and remote access to corporate networks
If staff use public Wi-Fi or their home networks to connect to the Internet, security features that you would take for granted in the office might not be available.
Passwords and authentication
Weak and reused passwords are a common point of intrusion for cyber attacks.
Many organisations rely on third-party Cloud services to communicate and collaborate. Using them securely is critical to securing your corporate data.
Free download: Hybrid Working: Managing cyber security
and data privacy risks
Download our free guide to hybrid working security to find out
more about how to stay secure wherever you work.
Key areas to consider
How can you ensure your sensitive data remains secure?
How do you ensure staff are keeping your organisation’s sensitive data secure while working away from the office?
Test your systems:
Identify and evaluate your security vulnerabilities with our CREST-accredited penetration testing services. We can test your internal and external infrastructure, and review vulnerabilities within your web applications and remote access systems.
Is your organisation still as responsive to security incidents?
Now that staff are working more flexibly, they might not be as responsive when it comes to security incidents. How quickly could your organisation identify a breach, contain it, and return to business as usual?
Track how your data is used:
Monitor how data is used throughout your organisation, both by employees and third parties, with BreachTrak™ and receive alerts when data has been misused so you can take action quickly.
Deploy effective cyber incident response plans:
The speed at which you react to an incident is critical to your recovery. Drawing on incident response standards such as ISO 27035, we will help you implement an incident response management programme, ranging from identifying gaps in your current plans and carrying out exercises, to staging a ‘rehearsal’ incident and providing emergency support.
Does your organisation still comply with international data transfer rules?
The number of people moving abroad while continuing to work for the same company has increased. If your staff are accessing sensitive data overseas, can you ensure your organisation complies with international data transfer rules under the DPA 2018 and GDPR?
Understand how the latest data transfer rules affect your business:
Get an overview of the UK GDPR, the role of the supervisory authority, how to lawfully transfer data in and out of the UK after Brexit, and the practical implications of the DPA 2018 and GDPR on your business.
Map the flow of your data:
Get a complete view of how personal data flows through your organisation, ensuring your processing complies with the DPA 2018 and GDPR at every point in the data lifecycle, and quickly identify transfers that might impede your compliance.
Keep up-to-date with all our latest tips, free resources and market leading security solutions to make sure your staff are secure wherever they choose to work.