Are Flexible Working Patterns Compromising Your Company's Cybersecurity?
There can be no doubt that the way we work has been affected by the Covid-19 pandemic. This unusual time for everyone had many consequences for businesses and individuals—one of the most significant shifts from in-office to remote work. More flexible working patterns have been established, which has continued despite the worst of the pandemic.
Of course, remote work has many benefits, including greater flexibility and possibly even a boost in productivity. However, it does come with challenges too. One of the significant ways that flexible working patterns can negatively impact your business is through cybersecurity issues.
66% of IT managers believe working at home leaves workers more exposed to potential cybersecurity risks. This shows that there is a belief that a change like flexible working can leave the whole company more vulnerable to cybercrime.
In this article, we'll look at whether this is the case and examine some of the critical ways that flexible working patterns can create challenges for the cybersecurity of your team.
The growth of shadow IT
The most significant cybersecurity concerns can often arise through perfectly innocent activities. An excellent example of this comes in the form of shadow IT. Shadow IT has an intimidating-sounding name, but it is familiar to many of us. It can be defined simply as any software or application used without the IT department's permission.
Such a practice might sound harmless, but problems can arise if a staff member uses an outdated application or has known vulnerabilities that cybercriminals can exploit. Had the app been vetted by the IT team, these issues would have been noted and either they could have updated the app or found a replacement.
But if the IT team doesn't know about the app, they can't do anything to defend the business against it.
Unfortunately, shadow IT is more likely when working at home than in the office, where the IT team is more likely to have more oversight of what is being used.
More relaxed at home
“With remote working the new norm, it's easy to slip into bad habits,” says Juliette Hudson, SOC Team Lead at Redscan. “However, with cyber security risks being greater than ever and remote workers lacking office protections, it's important to maintain a high, if not higher standard, security awareness. If you're a home worker, security protocols should include locking your workstation whilst away from your desk”.
It is the case that many workers are happy to take everything very seriously at the office, setting a strong password and following procedures closely. However, it isn't always the same story when working remotely. Your staff are a crucial line of defence; it can be disastrous if they aren't following good security practices.
BYOD
It is also the case that flexible working encourages using a more significant number of personal devices. There doesn't have to be anything wrong with this, but it does open up the company to a broader attack area for cybercriminals.
Once again, the problem is that staff don't always understand the importance of following procedures and doing precisely what they are told to do. It is crucial from a security perspective, but it seems to have little impact on their day-to-day working life. This is why it can be challenging to remember.
Missing office protections
Flexible working will generally involve staff working outside of the office. Once again, this can have potential cost-saving benefits for the company and help staff avoid long commutes, so it has been well received as a concept. However, working in the office provides a range of cybersecurity provisions that make staff safer.
Working at home means relying on their private cybersecurity measures, which are not always up to the same level as those in the office. What is worse is that companies have never been in a worse position to change the kinds of cybersecurity they offer. There is a shortage of qualified and experienced cybersecurity professionals. This makes it extremely difficult to bring the kind of expertise into your business that might mitigate some of these issues.
Complicating password management?
Passwords are an essential part of cybersecurity. Statistics show that a monumental 80% of data breaches can be traced back to weak or reused passwords. However, it is possible that flexible working makes passwords weaker and puts the system at greater risk of attack.
If a staff member has to remember a password to be used on multiple machines, they might ignore robust password protocols and opt for one that is easy to remember instead. Unfortunately, this leaves the business open to cracked passwords and cybercriminals entering the system without anyone's knowledge.
Tips for improving security with flexible working patterns
- Multi-factor authentication – also known as MFA, is an elementary form of cybersecurity that can be very effective. The concept here is that inside of relying on a single form of authentication (such as a password), it will only grant access with multiple forms of authentication. Options could include fingerprint scanning, memorable phrases, or access codes sent to other devices.
- Regular training – training is a crucial part of cybersecurity that is often overlooked. You should regularly provide staff with high-quality training and keep up to date to help staff understand the most current threats.
- Having an incident plan in place – one of the fundamental problems for remote workers is not knowing what to do when they discover something has gone wrong. In many cases, things are made worse by staff not acting as they should. To counteract this, you should have an incident response plan in place so that everyone knows what they need to do in the event of a cyberattack.