Securing the Future of Hybrid Working

How to protect your people as they choose to
work-from-anywhere
Securing the Future of Hybrid Working.
When the world went into lockdown, ways of working changed forever. And now, business leaders must decide whether the future of work is remote, office-based, or a combination of the two.

Whatever the decision, companies are going to have to make significant changes to how they run their business, factoring in employees’ expectations for a level of flexibility that enables them to work however and wherever they want. And this will have huge implications for IT and security teams.

In this report, we look at why IT leaders believe their teams will be under more pressure in a hybrid working world. We reveal the threats businesses are more susceptible to when employees are away from the office, and offer advice on how to successfully secure your business in the new world of work. Read on to find out more.

The future of work is hybrid.
The 9-5, Monday-Friday office job is a thing of the past, according to the majority of IT leaders.

3 in 4 say they believe the future of work will be “remote” or “hybrid” – where employees choose to split their time between working in the office and – well – anywhere else they’d like.

Employees are on board. Just 11% of all employees said they want to work exclusively from the office, post-pandemic. And opinions varied based on age. Older employees were much more likely to want to work from home, with 92% of respondents over 51 saying so versus 56% of 18-30 year olds. It’s clear; your workforce expects to be hybrid.

Employees want to “work from anywhere”.

While most survey respondents say they’d prefer to work from home in a remote-working set-up, employees want the flexibility to be able to work from anywhere. And some businesses are already making decisions for it to happen. Nearly a third of employees (30%) said they’d like to work abroad or in a holiday home and just over a quarter said they’d like to work in coworking or hotdesking spaces.

While this may be great for work-life balance as well as productivity, IT leaders have some concerns.

IT leaders under pressure.

Half of IT decision makers are worried about people’s wellbeing if their company adopts a permanent remote working structure and another 46% are concerned that employees’ unsafe data practices could compromise their company’s security, leading to more data breaches and phishing attacks.

But, that’s not all. Over a third (34%) of IT leaders are worried about their teams being stretched too far in terms of time and resource. They also have serious concerns about their own workload increasing.

85% of IT leaders think they and their team will be under more pressure if their company adopts a permanent remote working structure.
Phishing was the top attack vector during pandemic.
IT leaders’ concerns are valid. Between March and July 2020, nearly half of companies experienced a data breach or security incident, with half of these attacks being caused by phishing attacks.

Likewise, nearly two-thirds of US and UK employees (65%) said they received a phishing email during the remote working period that was enforced by the global COVID-19 pandemic. 

It’s no surprise, then, that 82% of IT leaders think their company is at greater risk of phishing attacks when employees are working away from the office. 

And companies experienced more ransomware and smishing attacks, too.
Around one in four US organizations experienced more inbound attacks between March and July 2020, compared to the five months prior.

A significant percentage of the IT decision makers we surveyed saw an increase in ransomware delivered by phishing, as well as more impersonation scams like phishing, smishing and vishing – a technique reportedly used by cybercriminals in the high-profile hack on Twitter in July 2020

Increase in insider attacks.

But, it wasn’t just outside-in attacks that caused IT leaders headaches while people worked remotely. Over a quarter of businesses (27%) experienced more security breaches caused by insider threats between March and July 2020 compared to the five months before the pandemic. It makes sense. Employees were under increased stress and many were furloughed or lost their jobs altogether.

According to IT leaders, being outside of their normal office environment might also play a role. 78% believe their company is at greater risk of insider threats when employees are working remotely. 

Unattended devices pose a threat.
Of course, not all security threats are malicious. Some are the result of carelessness or limited access to a secure internet.

Of the IT decision makers surveyed, over half are worried that employees will connect to public WiFi. It seems they’re justified in their concern, too, with 58% of employees admitting that they’ve either considered connecting to public WiFi or – worse – already done. The blurring of lines between people’s professional and personal lives pose security risks that feel beyond IT teams’ control.

Securing a future for remote workers.

Businesses are already thinking about the long-term future of hybrid working and are looking at a number of solutions to update their security strategies, policies, and procedures. The majority (58%) said that they intend to introduce more security training. 

But, can security leaders ensure employees are actually tuning in to training outside of the office? Not yet. Despite 52% of IT leaders implementing more education and security training for their employees during the pandemic, nearly 1 in 5 workers said they didn’t take part. This isn’t trivial. Businesses need to tailor security training – and demand accountability from each and every employee – if it’s going to truly resonate and stick.

A strong case for email security.

Businesses need to focus on securing email as workforces transition to more permanent remote and hybrid working structures. Why? 57% of employees were more reliant on email as a channel to stay connected with colleagues when they were working remotely. This is supported by Tessian data, which shows email security usage increased by 129% in March-April 2020.

With remote work here to stay, hackers will continue to find ways to take advantage of the channels people most rely on in order to advance their malicious campaigns. For example, throughout the pandemic, we’ve seen attackers impersonate video conferencing services in phishing attacks to trick employees into sharing account credentials. Businesses must find ways to protect people from scams that exploit the channels they use the most frequently. 

Email traffic increased by 129% at the start of remote working period enforced by global pandemic, according to Tessian data.
Making security as flexible as your employees.

A strategy that successfully enables employees to work however and wherever they want is not going to be without security challenges. Why? Because businesses must reinvent, redefine and transform everything they’ve previously done. 

Failure to adapt could run the risk of losing out to competitors, especially when over a third of people said they would not consider working for a company that didn’t offer remote working. IT teams are under pressure to deliver a seamless experience, despite limited resources and funding. 

So, how can IT leaders create strategies that empower employees to work remotely and securely, downtrend the risk of human error over time, and avoid overwhelming their IT teams? Our report has the answers.

Download the Securing the Future of Hybrid Working Report

Download the full report to learn how IT leaders can create long-term security strategies that empower employees to work remotely and safely, and avoid overwhelming their IT teams.

Methodology
During August 2020, Tessian commissioned OnePoll to survey 250 IT decision makers and 2,000 working professionals: 1,000 in the US and 1,000 in the UK.
Survey respondents varied in age from 18-51+, occupied various roles across departments and industries, and worked within organizations ranging in size from 2-1,000+.