The COVID-19 pandemic accelerated major changes in the way we work. While remote working was on the rise before coronavirus struck, the hybrid office has since turned into a worldwide phenomenon – and there appears to be no turning back.
Whilst hybrid offices naturally have multiple benefits, one of the major drawbacks is increased susceptibility to cybercrime. In fact, cyber attacks are increasing, with remote workers vulnerable simply due to a lack of education. When a remote worker doesn’t know how to protect themselves and their network against an attack, your entire business could come under siege – especially if your employees are dividing their time between their home and the office. Indeed, 68% of business leaders currently believe that their cybersecurity risks are growing.
In this article, we take a look at how you can educate your staff on the importance of cybersecurity in the hybrid office.
Cybersecurity at Home is Down to Your Employee
When an individual works from home, they should assume the responsibility when it comes to protecting sensitive data online. No longer can they rely on their employer to keep them safe while working.
The issue is that cyber criminals know how vulnerable remote workers are. They seek to exploit weak Wi-Fi security, a lack of firewalls, laptops that are shared between friends and family, as well as poorly secured mobile devices.
Not only does this jeopardize the remote worker, it also puts your company’s data at risk when the worker brings poorly secured devices into the office that have already been compromised.
Cybersecurity education in the hybrid office, then, starts with the remote worker at home. They need to understand the importance of using antivirus software to prevent malware from infiltrating their systems, as well as the importance of keeping their systems and programs up to date.
They also need to take it upon themselves to beef up their home Wi-Fi’s security. This means changing their password to something more complex, as well as changing their router’s default password. Just by changing these two passwords, the remote worker can make life more difficult for a hacker who’s looking to access their device via their web traffic.
Your team can also secure their privacy with a VPN, which can be essential for certain types of remote work. A VPN secures their remote connection and encrypts their data, thereby blocking anyone who isn’t permitted to access their web traffic from doing so.
Raise Awareness Of Phishing
Phishing has never gone away. But since phishing is one of the oldest forms of cyber attacks that was defined back in 1996, it might be surprising to learn that 2020 saw 2.02 phishing websites launched on Google.
It’s an astounding number that begs the question: How are people still falling for phishing scams?
Psychologist Daniel Kahneman says it comes down to human psychology, and that phishing emails use clever “emotional tactics” to disarm us, and cause us to make flippant unsound decisions.
And because home distractions are rife in a hybrid office, it’s much easier for a remote worker to make a hyper-fast, unsound decision, especially if they’re under pressure or feeling stressed. Indeed, human error was involved in 85% of data breaches last year. The problem with phishing is that all it takes is one click for a remote worker to lose everything – and to take the business down with them.
This is why it’s so important that you educate your team on the perils of phishing. Here are some tips to give your team:
- Phishing emails are deceptive and anyone can fall for a scam. But a suspicious email typically has telltale signs, including poor grammar and bad spelling
- Consider what is being asked. Does this sound realistic/plausible? Does it make sense to you?
- Check the email address of a send. Often, a phishing email will assume the identity of someone you know, which is why it can be so easy to fall for it. However, a quick check of the sender’s email address will confirm whether or not this email is genuine
- Report any suspicious emails immediately
It’s also important that you constantly remind your team to be aware of phishing scams, and you can do this in virtual meetings (for example).
Vet All Third Party Providers
It might be the case that a remote worker uses a tool of their own to help them complete their work at home – and then, as a hybrid worker, they bring it into the office with them.
This can cause unique security issues because not all third party tools are safe to use. While the companies themselves that produce the tools aren’t nefarious, it’s sometimes the case that they haven’t put in place up-to-date security measures. As such, some tools are more vulnerable to cyber attacks than others.
It’s really important that you communicate to your team the importance of vetting any third party vendors in your network. To that end, draw up a list of tools used by you and your team. Then, identify how much data you share with these tools/third party vendors, and how sensitive it is. Next, take a look at each tool closely – what security methods have they put in place? Does their commitment to online security match yours?
You should do this with any tool your team is using that you weren’t previously aware of. Make sure you’re all on the same page so that your organization is only using apps and tools that have been properly vetted for security.
There may even be instances where you can build – for example – your own chat app from scratch that has end-to-end encryption, and which is therefore guaranteed to keep your communications safe and secure. This is just one way of ensuring control over the security of your applications and tools.
The hybrid office brings with it unique benefits and unique challenges, with one of the main challenges being that of the threat of cybersecurity – as well as how you educate your staff about how they can help to keep cyber attacks to a minimum.
Essentially, your whole team needs to work together on this. There can be no margin for error, either at home or in the office, and it’s important you hold annual meetings that reiterate ways to deal with and prevent attacks, as well as what should be done in the event of a shutdown.