4 ways your cyber security needs to change with hybrid work

Has your organisation started to settle into an easy hybrid working rhythm which sees your team split their week between the office and home? Join the club.

It’s now a little over two years since the onset of the COVID crisis up-ended regular life as we knew it, for millions of Australians. Since that time, “work” has evolved into an activity rather than a physical destination, for tens of thousands of Australian knowledge workers.

So much so that 35 per cent of employers expect to engage in hybrid working in the future, according to Busting the productivity myth: Hybrid working in Australia 2021, a report commissioned by Telstra late last year. That’s up from just 19 per cent, pre-COVID.

It’s a shift that has the potential to generate an additional $18.3 billion in economic activity and create 42,500 new full-time jobs over the next 10 years, the report found.

The cyber security challenge

For local businesses whose modi operandi lend themselves to the hybrid model, the benefits can be significant too – better work-life balance typically results in happier, more committed employees – but so can the risks.

“Many organisations have built their security tools for working on secure office networks, not working from home. The use of less secure communications, an increase in nonstandard business practices, and the rapid introduction of significant business change have impacted organisational risk profiles,” the Telstra report notes.

Meanwhile, cyber incidents and attacks are becoming ever more frequent and expensive: in 2020, these were estimated to have cost the Australian economy up to $3.5 billion. That’s a cost that’s largely borne by the organisations unlucky enough to experience them.

VIEW ALL

The best way to ensure yours doesn’t join their unfortunate ranks is by maintaining robust processes and practices that protect your operations, and your employees, against incursions, both opportunistic and well planned.

Here are four ways to do so.

Patch your applications promptly

It’s an oldie but a goodie … Software vulnerabilities have long offered the easiest “in” for hackers and cyber criminals. That’s why studies consistently show that unpatched internet applications are involved in upwards of 50 per cent of malicious attacks. Reducing your risk of becoming a statistic is simple: Introduce a “no ifs, not buts” patching policy that requires critical software updates to be applied to all company devices within a week of their release.

Introduce multi-factor authentication (MFA)

Multi-factor authentication is not new either, but it’s not as widely used as it should be, given the added protection factor it provides to organisations, particularly those which have employees working off-site. With users under persistent attack from bad actors’ intent on stealing their credentials, relying solely on passwords to safeguard your business-critical systems and databases has become a risky bet. MFA technology which requires your team members to demonstrate their bona fides in an additional way makes it that much harder for phishers and hackers to worm their way in.

Train your team

Speaking of phishers, they’ve become much cannier and more sophisticated than once they were. Their individually targeted emails, text messages and app messages are now harder to spot, courtesy of automated phishing tools and programs that cull social media networks and other sites where personal information is posted.

Encouraging employees to remain vigilant against unusual or suspicious messages and requests, to check the addresses on emails to ensure they’re from legitimate sources and to avoid clicking on links in emails and downloading files from unfamiliar sources is critical. The best way to ensure your team stays on the ball is by introducing regular cyber security awareness training sessions, augmented by simulated cyber attacks which test their reaction to realistic cyber gambits.

Coordinate your cyber efforts

For many SMEs, particularly those with modest ICT budgets, cyber security can easily devolve into a piecemeal affair, with disparate tools and solutions thrown at the problem and not enough thought given to the coverage those technologies provide.

Inefficient spending and unaddressed vulnerabilities are very often the result. Working with a well credentialed, managed service provider can ensure your enterprise is using cyber security solutions that provide protection, detection and response at all endpoints, network and Wi-Fi security and robust identity control for all users. Doing so may prove no more expensive than a DIY approach while providing a much higher level of protection.

Safeguarding your future prosperity

The COVID pandemic has changed the way Australians work and, if you’re sensible, your organisation’s cyber security provisions will change apace. Solutions, services and processes that deliver robust protection to the enterprise, irrespective of when and where employees log in, is an investment in business continuity and sustainability few businesses can afford not to make.

Anthony Daniel is the regional director – Australia, New Zealand and Pacific Islands, at WatchGuard Technologies.