HR news round-up: From childcare deserts to flex for older workers
Report highlights impact of childcare deserts Almost a third of people in England live in...read more
Charlie Acfield from Totality Services gives us some advice on how to tackle the cybersecurity risks associated with hybrid working.
The Financial Conduct Authority recently announced plans to evaluating those firms considering remote or hybrid working on a case-by-case basis, with firms required to prove that their employees remote working does not – or is not likely to – be detrimental to consumers, damage the integrity of the market, increase financial crime or cyber security risks or reduce the element of competition.
IT experts have drawn attention to the issue of cyber security as hybrid working becomes more commonplace. Those working remotely may not have the data and network protection that they have in the office and it is not easy for businesses IT support to deal with hardware and computer problems when workers are remote.
<Collectively, smaller businesses are subject to almost 10,000 cyber attacks per day, according the UK’s Federation of Small Businesses. One in five small firms say that they have suffered a cyber attack in the last two years. Even worse, the annual cost of these IT security attacks to the small business community is estimated to be around £4.5 billion.
Charlie Acfield, Technical IT Director at Totality Services explains: “When company systems were only used and accessed in the office, the risks were more straightforward to mitigate as more control was possible. With recent changes to more remote and flexible work practices, technology can help to protect the methods of data access as well as the endpoints themselves, whether they be personal devices (BYOD), company-owned, or mobiles.”
To help businesses to stay secure as they operate hybrid working models, Charlie highlights the most common cyber security risks that companies face, together with useful ideas of how to mitigate these:
Naturally, this is the most prominent risk from hybrid working as employees need to access company data remotely, whether in the Cloud or via remotely connecting back in to the main corporate network. When working remotely or logging into public networks, risks can increase and IT support teams can’t control the network and the associated security settings.
Staff area increasingly accessing corporate data from personal, un-managed devices, often on unknown and potentially insecure networks. All of these carry an extra risk as employees may not have taken sufficient, if any, security measures, such as keeping device software updated or using strong enough passwords and/or Multi-Factor Authentication. This means that the device and company data is at a higher risk of attack.
Legacy line-of-business applications – which more often than not reside on on-premise company servers- can be particularly problematic. However, these can be complicated in order to provide efficient and secure access to those staff and devices operating remotely as well as in the office.
A layered approach should be taken that builds up protection from the data source all of the way through to the endpoint, where possible: