Cybersecurity and hybrid working

February 16, 2022

Cybercrime in the era of hybrid working

When the world went into lockdown, companies faced new cyber security challenges with people working from home.

Moving into the era of hybrid working

So now we’re moving into the era of hybrid working, with around 83% of businesses adopting - or planning to adopt - this approach, are the risks still the same, or are there other dangers to be aware of?

One of the groups of people who are most delighted about this change is cybercriminals (or hackers). Whatever you call them, they’ve taken advantage of security vulnerabilities in business systems across the world. The most common types of attack are phishing and social engineering, stolen devices, and individual people’s details or security credentials being compromised through ransomware or other means.

The impact of a cyber-attack on a business can be wide-ranging. There’s obviously the financial loss suffered initially, as well as lost sales because of reputational damage and loss of trust along with possible fines and regulatory sanctions. The emotional impact on the team of having to deal with it all can take its toll too.

Home networks vulnerability

Often, employees’ wi-fi networks aren’t as secure as corporate ones, so make sure yours is sufficiently robust wherever your employees log in. Do you have multiple layers of authentication users need to go through? Two-step security, known as Multi-Factor Authentication (MFA), is always a good idea with either an online system or a physical token as well as passwords.

Be wary of social media

This is an increasingly popular way for cybercriminals to infiltrate organisations. Criminals set up fake profiles or automated bots to manipulate and trick users into giving away sensitive information. You can protect against this by having a clear social media policy in place and training your people to spot the signs of a fake profile and keep themselves - and your company info - safe.

Gone phishing

Scammers are becoming increasingly sophisticated, and it can be difficult to tell a real email from a fake, phishing one. This is a trend that’s been around for a while, of course, but it’s certainly not gone away. Add a ‘Report the phish’ button or something similar to your systems, so your people can easily and safely forward on anything suspicious.

Up in the clouds

More companies are moving to the cloud with people working in different locations. Cloud improves mobility and productivity, and it also allows cybersecurity to be managed centrally, so keeping cloud services updated and with the latest security settings is critical. Security of data is also a priority and making sure company data is backed up is a must.

Protecting your business

There are steps you can take to protect your business. The first of these is to make sure you have the right IT in place with strong security protocols. An off the shelf package might be what you need, or something more bespoke might be a better option. Ask an expert to help show you what’s available.

Once everything’s in place, you need to assess it regularly. Does it work as it should? Has it been updated to the latest version? Again, you can get a security expert to take a look.

It’s also sensible to have a security strategy in place. This should help you identify and deal with risks to your business. This will need to be detailed and ever-evolving as things change. Make sure it’s documented, and the right people know where to find it.

Cyber insurance

You might not have thought about taking this kind of insurance out for your business. However, it could be crucial, as it covers you against data breaches involving customers’ information, cyber theft (including employee theft), business interruption caused by cybercrime, and many other cyber incidents.

Please contact  Simon Chapman - independent cyber consultant, Mark Wiseman - Group Commercial Director of Connectus Business Solutions, or Lisa Petherick - Client Director of Konsileo (Insurance Brokers) Limited for more information on cyber security and cyber insurance.