Hybrid working: six steps to managing cybersecurity and data privacy risks
As pandemic restrictions are eased and staff head back to the office, many will want to continue working from home for part of the week, raising cybersecurity concerns for employers
Hybrid working is set to become standard practice for most organisations as we slowly begin to emerge from the coronavirus pandemic. According to a May 2021 McKinsey survey, 90% of organisations intend to shift to a hybrid-working model, a combination of onsite and remote working.
Whether your staff are working in the office, at home, in shared working spaces, or anywhere else, you face numerous additional risks to the confidentiality, integrity and availability of your corporate information.
Many organisations that quickly moved to a remote-working model in early 2020 found there was simply not enough time to carry out suitable risk assessments before making such sweeping changes to their working practices.
The focus was on ensuring their services were able to continue, rather than considering the risks associated with the change. In particular, those that had little or no existing infrastructure to support home working found the situation challenging as they were exposed to cybersecurity risks they were unprepared for and often didn’t even understand.
Cybercriminals inevitably took advantage, launching phishing campaigns exploiting fear and uncertainty about the pandemic, and targeting vulnerabilities in popular software.
Perhaps most disruptively of all, there was a huge increase in ransomware attacks. According to SonicWall’s 2021 Cyber Threat Report, there was a 65% year-on-year increase globally.
Implementing suitable technical and organisational security measures is especially important when it comes to maintaining your compliance with data protection law. If you breach the UK Data Protection Act 2018 or the European Union General Data Protection Regulation, you could face fines of up to £17.5m (€20m) or 4% of your annual global turnover, whichever is greater.
UK regulators such as the Information Commissioner’s Office made allowances for the pressure the pandemic put organisations under. Now that restrictions are being lifted, however, they will be less lenient, so it is essential to act without delay if you are making hybrid working permanent.
“The pandemic has shown organisations they can operate with staff working from home,” says Alan Calder, founder and executive chairman of IT Governance, a leading global provider of IT governance, risk management and compliance solutions. “Indeed, there are many benefits. Staff are more productive, overheads are reduced, it’s easier to recruit from a wider talent pool and there is less impact on the environment.
“However, remote working is not without its challenges – one of the biggest is information security.”
So how can an organisation successfully implement a hybrid working model? Here is a six-step guide:
Step 1 - Assess your current organisational state to pinpoint any gaps and give you a starting point for what needs to be completed.
Step 2 - Prepare to put your new policies in place, which will provide a roadmap for day-to-day operations, ensure compliance with laws and regulations, give guidance for decision-making and streamline internal processes.
Step 3 - Train your staff, as they can often be your weakest link in the security chain, and implement an ongoing training programme to ensure they are aware of the emerging risks of working remotely.
Step 4 - Put cyber basics in place to stop the most common forms of cyber attack.
Step 5 - Implement privacy basics to ensure your organisation continues to be compliant with international regulations.
Step 6 - Think ahead and implement an ongoing, long-term security strategy so your organisation remains secure and compliant, even with the rising level of cyber attacks and data breaches.
If your organisation is yet to consider fully the security practicalities of mixing onsite and remote working, IT Governance can provide you with all the support you need, every step of the way, with its cost-effective cybersecurity-as-a-service and privacy-as-a-service solutions.
IT Governance’s cybersecurity consultants, legal experts and incident responders will become an extension of your organisation’s in-house IT department. They are your pre-packaged and comprehensive cybersecurity and privacy teams who come without the price tag and work 24/7 to make sure you are, and continue to remain, cybersecure and compliant – in the office, at home, wherever in the world you work.
Please contact us at www.itgovernance.co.uk/hybrid-working-solutions