Wales

Hybrid Working

Because of the COVID-19 pandemic, working from home has become the default for millions of workers whose roles were traditionally office based. The resulting widespread shift in working practices – supported by rapid digital transformation and collaboration – has demanded a focus on safe and secure working in an environment where people normally live their personal, not work lives.

As restrictions have eased, many organisations have either rolled out or expressed their vision of their future working model, with most employees also stating their own preferences. Depending on the organisation, the ‘new normal’ will range from everybody being back in the office all of the time to 100% home working, and everything in between. “One or two days a week at work” is a commonplace prediction amongst both employers and their workforce.

Many workers – accustomed to years of the online protocols and good practice imposed in the workplace – have successfully adapted, improvised and become adept at home working. This concerns not only quality of life or available suitable workspace in the home… but how to maintain safe and secure working away from the office environment, which could also include the local café or rent-by-the-hour workspace.

A report commissioned by a cybersecurity services vendor* reveals that more than a third of those surveyed had picked up bad security habits whilst working from home during the pandemic. Equally, it is likely that some will have forgotten the security protocols and practices back in the workplace.

*Back to Work Security Behaviours Report, Tessian Limited

Advice for safe hybrid working

  • If employees are working from home, it is as vital to practise secure online behaviours – including not letting their guard down – as in the workplace. This includes making sure routers are secure, using a VPN (virtual private network) making sure they have up-to-date internet security software/apps, updating software/apps/operating systems, not clicking on spurious links or attachments and not sharing sensitive information.
  • It is important to consider that even the most advanced data, cyber and physical security in the workplace is effective only if everybody practises the appropriate security habits. This starts with simple measures like locking screens when away from the desk and not sharing passwords.
  • Working from home has blurred the boundaries between the organisation’s systems and users’ own devices and software. Be clear on the rules and risks of ‘Bring Your Own Device’, considering security, insurance, software licences and even potential distractions from secure working. With ransomware on the increase, personal devices on company networks also represent a significant vulnerability.
  • Mobile devices such as laptops, tablets and phones are more likely to be transported between workplaces in a hybrid model, increasing the chance of loss, theft. It is not just the device at risk, but the information on it and accessible from it. Devices should be carefully protected whether in use, in transit or outside working hours.
  • All staff should take extra care when working in remote locations such as cafés, hotels and on public transport. Risks include others viewing confidential work on screen (‘shoulder surfing’), and using Wi-Fi hotspots, which could be unsecured or fake, making them unsuitable for confidential or sensitive work unless via a reputable VPN.
  • Implement online security training sessions for all IT users whether they work in the office or at home 100% of the time, or divide their time between the two.
  • Take the opportunity for an audit of your organisation’s IT and cybersecurity, looking for potential weak points at perimeter, network and user levels, reviewing user access privileges, password protocols, acceptable use policies and other vital housekeeping tasks.

In partnership with

Jargon Buster

A Glossary of terms used in this article:

Privileged user access

Access rights to computers or data – normally varying between users according to what they are and are not entitled to see.

Virtual Private Network

Virtual Private Network: a method of creating a secure connection between two points over the internet. Normally used only for business-to-business communications.