Hybrid working has changed how people approach cybersecurity
Many organisations over the past few years have turned to hybrid working arrangements to stay productive. But, as their work styles change and adapt, so must their cybersecurity strategies to make sure they’re equally responsive.
Moving away from the office often means moving away from stringent cyber processes and security. In the ‘old’ settled ways of the physical office, employees typically used a small range of company branded tools. Now, organisations are using a myriad of partnerships to support hybrid ways of working and employees are turning to a range of collaboration tools to complete tasks throughout the day.
Although great for productivity, these tools often lack company branding – making it harder for employees to detect “Indicators of Fraud” and easier for cyber attackers to infiltrate the organisation. What’s more, facilitating working from anywhere has meant removing some security prohibitions, weakening an organisation’s security posture. And compounding all of this, departments have often had to embrace new technologies and tools quickly, with no time for meaningful training or security checks.
‘Working from anywhere’ means the attack surface is growing
One thing that hasn’t changed, however, is the presence of malicious threat actors looking for an opportunity to exploit an organisation’s cyber vulnerabilities. Cyber criminals are still trying to gain access to cash, data, intellectual property and sensitive information that they can leverage for geo-political influence or commercial gain.
The attack surface is constantly widening to include all the communication channels we use in our day-to-day life – and that means the volume of attacks is increasing. Attacks like phishing, insider threats, Ransom Denial of Service (RDoS), exploiting poor network security and targeting employees to gain network access remain the most common.
Organisations need a strong human firewall
Defending your organisation against attack requires all team members to be vigilant and to continuously practice good cyber hygiene. This helps to create the first line of defence at the edge of your network: the human firewall.
The best way to help implement a strong human firewall is through training and awareness. Start by making poor security practice harder by putting guard rails on your system. For example, use filters for web searches and email click throughs that block access to risky sites. Then, follow this up with training and coaching that helps your teams to behave safely online. From here, make sure everyone is up to speed on your cybersecurity policies and procedures, with regular refresher sessions where possible.
It’s also important to create a working environment that recognises people are busy, juggling multiple tasks and devices at any one time, and that this inevitably means it’s easy to make mistakes. It’s something the cybercriminals are banking on and it’s critical that you make your people feel comfortable to flag anything they’re concerned about - including where they might have inadvertently introduced a risk to the organisation. Flagging mistakes early is the best way to help IT teams contain the threat.
Three steps the human firewall must know
As part of your training, it’s vital employees learn to assume nothing, question everything and verify all. Before clicking, opening or downloading – everyone on the team should remember to:
From emails to last minute schedule changes, meeting reminders and programme updates - no matter how legitimate or urgent - employees should pause and ask: ‘Is what I’m being asked to do normal?’ and ‘Is there anything strange about this communication?’.
Teams should receive training in how to practice good cyber hygiene in their physical environment, too. Keeping laptops and devices in safe places at home, setting screens to ‘sleep’ when walking away from a workspace and making sure that there’s no sensitive information which could be ‘on camera’ in the background of video calls are all key learnings.
Your employees can be your biggest asset – or your biggest liability. With the right culture, awareness and training, they will become your greatest defence against cyberattack.