Last reviewed 22 October 2021

Marking Cybersecurity Awareness Month, the British Standards Institution (BSI) has stressed the importance of having secure IT systems and effective cybersecurity practices in place for organisations developing hybrid working procedures.

It notes that tech and telecoms companies have unsurprisingly been found to be more in favour of remote or hybrid working than their counterparts in more traditional sectors such as financial services.

However, while remote or hybrid working allows for a better work-life balance and increased productivity levels in many cases, it also adds to the risks and vulnerabilities that firms must consider when designing and adapting their cybersecurity measures.

For example, in a recent survey conducted by BSI’s partners Exonar, 36% of home workers have downloaded unapproved software onto computers to communicate with colleagues during homeworking.

“The advantages of working from home are just as appreciated by those looking to take advantage of a lack of cybersecurity in personal office environments,” Mark Brown, Managing Director — Cybersecurity and Information Resilience at BSI, said. “Educating the people that make up corporations is ultimately the best course of action and has become so much more important due to these new working models.”

Even if employees spend only half of their working hours in their home offices in the future, BSI warns, this presents a situation ripe with serious cybersecurity issues.

Organisations adopting such hybrid models should be continuously monitoring and analysing systems for vulnerabilities to ensure that none of a network’s components fall behind on patching and update management.

Systems will need to be devised for device testing and sanitisation procedures should be established before allowing unvetted devices to access a corporate network.

Comment by Kate Palmer, HR Advice and Consultancy Director at Peninsula

Implementing a clear homeworking policy and ensuring all employees have access to information about appropriately using systems and information, can help reduce cyber threats for remote workers.

Managers should also highlight the processes employees should follow if they experience any security risks whilst working.

While organisations can consider asking their staff to sign a confidentiality agreement, however, it’s important they make their teams aware of what computer usage is monitored and the potential consequences if employees are seen to be breaching this.