Securing the future of hybrid working

How to create a secure environment, wherever your team is working

Hybrid working is creating exciting new opportunities for organisations to boost productivity, enhance employee engagement and gain a competitive advantage. But for businesses willing to adapt, there are serious security questions they must first ask of themselves.

“Almost half of businesses (46%) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (68%) and large businesses (75%).” Cyber Security Breaches Survey 2020

Among this 46 per cent of businesses that identify breaches or attacks, more are experiencing these issues at least once a week in 2020. As organisations resume their operations, safeguarding employees, assets, data, and reputation will be critical.

But the traditional, network-based security measures trusted by modern businesses to keep their systems safe were not designed with flexible working models in mind, and with hybrid workers moving infected devices between home and office environments this creates new risks.

In the face of this, what risks does your business face as you embrace hybrid working? Which steps should you take to secure your systems and how can Opus help? To shine a light on the subject and help you to solve these challenges within your own business, we caught up with Stephen Harte, a cyber security specialist and director at Opus.

How hybrid working challenges security

“As you might expect, the biggest security risk faced by hybrid organisations is the individual user being at home, beyond the protection of the corporate network”, Stephen explains. “Most corporate networks are made up of multiple security layers to protect the systems and assets behind them. Without this protection, the user is more exposed. When the whole business is operating this way, the company is more vulnerable.” Working remotely also distances employees from the direct support of the IT team. As a result, they may be less likely to check in with IT when they receive a suspicious email or other potential cyber security threat. As Stephen explains in the following example, because employees have more autonomy, they’re more likely to fall for those kinds of mistakes. “I recently became aware of a company whose chief executive was targeted by a phishing campaign. One of the company’s key suppliers had been hacked. Once the hackers were in their supply system, they began sending emails out of the mailboxes. Because the emails came from a trusted source, the board member didn’t suspect them. This type of threat is particularly hard to protect against, and yet it’s quite a common scenario.”

The way we work has changed. So has the importance of security

“The pandemic has accelerated the move to cloud and brought security to the forefront of considerations”, Stephen explains. “As a result, we’ve seen a noticeable shift in the mindsets of organisations, in particular their IT teams. As recently as two years ago, the IT function’s primary responsibilities were still focused around keeping systems running. Their main concern was making sure that employees across the business could access the systems when they needed to, keeping the lights on and the business operational.” Now, the environment has changed. Because those systems have moved into the world of cloud, and typically it’s now the cloud provider’s responsibility to keep those systems running, Stephen is seeing IT teams’ responsibilities shifting more heavily towards data.

Securing the future of hybrid working with Opus

As more organisations look retrospectively at the systems they’ve implemented over the course of the national lockdown, we’ve seen a growing demand from companies asking us to review their security policies to ensure that best practice rules are put in place. “To help our customers address their cyber security training needs, we offer an accessible product called Clip Training, which has cyber security training embedded alongside general Microsoft application training”, Stephen explains. “As many of our customers have discovered, it can actually be deployed within the Teams application, making it easy to use by everyone who’s already familiar with the Teams platform. It also enables you to set rules and training tasks for your staff so you can clearly track who’s finished the training and set dates for when it needs to be completed or renewed, for example.”

Amongst the components that often go into our secure endpoint offering, we’re able to layer everything from next-generation anti-virus software with AI and machine learning capabilities right through to the SASE defences we touched upon earlier. As Stephen explains, our customers’ most secure endpoint environments are achieved by layering a variety of different security systems on top of one another.