Ever since the emergence of Covid-19, the need for working remotely has increased drastically. A remote working environment may have been a challenge for many organisations, given the vast amount of preparation required to shift workforces to remote working environments in a short period of time, but many employees and employers also experienced benefits of remote working such as:
- avoiding a lengthy commute
- better work-life balance
- increased productivity
- more flexibility, decreasing stress levels
The pandemic certainly changed the ways of working and employees have now come to expect a level of flexibility when it comes to their work environment. Employers that are able to adapt to this new way of working and provide their employees with flexibility are more likely to attract and retain top talent.
Among all the positive aspects of working from home, there are also risks that organisations may face, cyber security risks and online threats are chief among these. Employees do not necessarily have the same level of cyber security on their computers and mobile phones when they are working remotely, as they do at the office, which likely increases their exposure to cyber security threats. Organisations will need to manage this quickly to avoid cyber security breaches.
How do we manage the increased risk of cyber-attack with a remote or hybrid workforce?
Assess your changing cyber security risk profile
As organisations transition to the new ways of working, the resulting changes to the company’s cyber security risk profiles must be repeatedly assessed and monitored.
Your risk management and business personnel should work together to re-evaluate cyber security budgets and prioritise investments to improve a company’s cyber resilience in line with its risk tolerance.
Adjust your cyber strategy
Start with measures that can be implemented immediately such as:
- revising existing cyber risk guidelines, requirements
- controls on how employees access data and communicate with a company’s network.
Examine new security tools and requirements for sharing and maintaining private information with vendors.
For example organisations may need to adopt:
- more robust data loss controls
- traffic analysis tools
- access restrictions.
Ensure that vendors that aren’t currently prepared for heightened cyber-attack risk commit to developing cyber preparedness plans to safely handle information or interact with your company’s network.
Finally, develop instruments to understand how your security programme changes reduce cyber security risks after each initiative is rolled out. This is not a one-and-done exercise; organisations need ongoing agility to hit what is a decidedly moving target.
Step up cyber training and exercises
Employees need to be informed of new cyber risks and reminded of their role in effectively preventing, detecting, responding to, and recovering from cyber-attacks.
Design role-based training programmes and exercises to raise the awareness at every level of new and changed cyber risks introduced by increased remote working. Training programmes should cover new threats, rules for approved device and data use, and processes to report suspected cyber incidents.
Engage in walk-throughs and simulations for new cyber-attack scenarios armed with playbooks that provide clear guidelines for required actions, including when (and to whom) decisions should be escalated. By doing so, teams can identify shortcomings that must be overcome in order to respond effectively to cyber-attacks.
Much of the operational shift that has occurred as a result of the pandemic will outlast the immediate crisis and aftermath. To adapt securely, organisations need to understand how their cyber risk profiles have changed and must revamp their strategies, training, and exercises to address threats and minimise risks.
