How Hybrid-Remote Working Will Affect Cybersecurity

  • By Laura Brooks
  • 29 September 2020

When the world went into lockdown, ways of working changed forever. 

Mandatory remote work arrangements meant people had to find ways to get their jobs done in their homes and most of us quickly settled into a new rhythm of work. Now, after months of being away from the office, the so-called “new normal” is starting to feel, well, just normal. Employees don’t want to give up the level of flexibility and autonomy they’ve come to experience.  

In fact, according to our latest report, Securing the Future of Hybrid Working, just 11% of UK and US employees said they’d want to work exclusively in the office post-pandemic, with the average employee wanting to work from home at least two days a week. And, over a third of people said they wouldn’t even consider working for a company if it didn’t offer remote working in the future.

Keep reading to find out:

  1. How IT leaders think remote and hybrid working will affect cybersecurity
  2. What these new set-ups will do to IT teams’ workloads
  3. How business’ can balance flexibility and security

Remote, office-based, or a bit of both? 

Businesses have some big decisions to make. Do they encourage employees to come back to the office post-pandemic, or opt for a fully remote workforce? 

For many, a hybrid model – where employees can split their time between working in the office and anywhere else they’d like – appears to be the best option for the long-term future of their company. Google, for example, has already announced that this is the approach it’ll take. 

This way of working requires companies to completely transform the way their companies have previously run – and it may come at the IT department’s expense.

The majority of IT leaders surveyed believe permanent remote work will put more pressure on their teams, while over a third (34%) are worried about their workers becoming stretched too far in terms of time and resource.

This is because, while it is great for employees, a hybrid way of working actually offers the worst of both worlds for IT teams who have to simultaneously manage and mitigate security risks that occur in and out of the office, while providing a seamless experience that enables employees to work-from-anywhere.

Why would permanent remote working arrangements increase IT teams’ workload? 

One of IT teams’ biggest concerns is the risk of phishing attacks, with 82% of IT leaders believing employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters of employees said they received a phishing email while working on their personal device between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, our report shows that nearly half of companies experienced a data breach or security incident between March and July 2020 – the remote working period enforced by the global pandemic – and half of these incidents (49%) were caused by phishing attacks. 

This made phishing the leading cause of security incidents during this time.

“Half of security incidents between March and July 2020 were caused by phishing attacks.”
Tessian Research

Insider threats are another concern. Over three-quarters of IT leaders (78%) think their organization is at greater risk of insider threats if their company adopts a permanent hybrid working structure. Such risks include employees bringing infected devices or documents into the office after working remotely and sharing sensitive information with their personal accounts. 

It’s also worrying that 43% of the security incidents reported between March – July 2020 were caused by malicious insiders.

For more information about the different “types” of insiders and real-world examples of each, visit our blog.

The problem is that insider threats are much more difficult to detect and mitigate when workforces are distributed. Why? A lack of visibility. 

A previous Tessian report revealed that nearly half of employees feel like they can get away with unsafe cybersecurity practices when working away from the office because they aren’t being watched by their IT team.  

Then, there are the security risks associated with Bring Your Own Device (BYOD) practices. 

Half of employees we surveyed have been working on their personal devices since the world went into lockdown in March 2020. The top BYOD security risks cited by IT professionals included:

  1. The downloading of unsafe apps
  2. Malware infections
  3. Software updates. 

It’s not surprising, then, that 1 in 3 IT leaders are worried about their teams being too stretched in terms of time and resource in a permanent remote working structure. 

“85% of IT leaders think they'll be under more pressure in a permanent remote working structure.”
Tessian Research

How can businesses balance flexibility and security without draining IT teams’ resources? 

Securing distributed workforces isn’t going to be easy. Why? Because businesses must transform and reinvent ways of working but IT teams are under-resourced and budgets are getting smaller and smaller. Failure to transform and deliver a seamless hybrid experience, though, could threaten companies’ security posture and see businesses losing out on talent. 

Education on the threats people can be exposed to and the threats they pose to company security when working away from the office is, therefore, an important first step. So, it is encouraging to see that 58% of IT leaders are planning to introduce more security training should their company adopt a permanent remote working structure. 

But approaches to training may need a rethink so that it resonates with employees and isn’t seen as “just another thing” on people’s to-do list. According to our report, despite 57% of IT departments implementing more education and security training for their employees during the pandemic, nearly 1 in 5 workers said they didn’t even take part.

This brings us to our second recommendation – security solutions shouldn’t hinder people’s productivity. 

It’s clear people want to be able to work flexibly, so tools need to be flexible, too. Solutions like Tessian are invisible to employees until threats are detected, which means we cause minimal disruption to people’s workflow. Our warnings are helpful and educational, not annoying. We give people the information they need to make safer cybersecurity decisions and improve their behaviors over time

Lastly, IT teams need greater visibility into their riskiest and most at-risk employees – regardless of where they’re working – in order to tailor training and policies and improve cybersecurity behaviors over time. Getting this level of visibility shouldn’t be a burden to the IT team, though. IT teams have enough going on, so solutions that leverage machine learning can take away labor-intensive tasks and help free up IT professionals’ time. 

The way people work is quickly changing. But one thing will stay the same; you need to protect your organization’s most important asset – your people

Businesses that protect their people from security threats and empower them to do great work, without security getting in their way, will set themselves for long-term success. 

Read the full report – Securing The Future of Hybrid Working – today.

Laura Brooks PR Director