Hybrid work is here to stay. Over the past two years, flexible work combining the home and office has achieved mainstream success in many industries. It has been, by and large, a positive shift. Telstra reports that, in Australia, hybrid work has benefited employee productivity, mental health, and will bring $18 billion and 42,000 full-time jobs over the next decade.
However, with 88% of employees now working remotely, established processes are racing to catch up to the ‘new normal’. Cybersecurity is particularly at risk of exploitation, and for small and medium businesses (SMBs), ensuring business-critical data is secure outside the office is a priority. As we move permanently beyond the safety of centralised workplaces, it’s vital for SMBs to understand what’s changing, what protection is available, and what an effective cybersecurity strategy looks like.
The state of play and cybersecurity considerations
When a workforce is centralised (in an office, for example), cybersecurity is centralised too. With hybrid work, protections like office firewalls are no longer effective. “Rather than having one office with 50 people in it, you’ve got something now which is more akin to having 50 individual offices which needs to have those types of security controls reflected,” says Chris Reay, Small Business Security Lead at APJC.
The office exodus has heightened cybersecurity risks, with a Cisco report suggesting 75% of Asia Pacific SMBs are more worried about cybersecurity now than in the 12 months prior, and 56% reporting actual cyber attacks. A recent Forbes article suggests that a shift to cloud-hosted data, employee-owned technologies and general carelessness accounts for much of the new cybersecurity vulnerability.
What will the election mean to you?
Sign up to our free newsletter, including this weekend’s coverage of the election.
The result is that businesses need to seriously consider the differences in cybersecurity processes and strategies required with hybrid work. Specifically, this means understanding what security looks like beyond the office.
Protecting data and processes
Generally, cybersecurity threats to businesses are unsophisticated yet effective. Tactics like phishing (sending disguised links through email, for example) and exploiting uninstalled security updates are among the most commonly reported attacks. It means that while security software is effective, there are simple steps businesses can take immediately to remedy the risk. “We find that 81% of hacking related breaches leveraged weak and/or stolen passwords,” says Chris Reay. “So having something like a multi-factor authentication piece of software adds another layer to protect you.”
Education, too, is a powerful tool. In its report, Risk Management Institute of Australasia emphasises the importance of employee training in creating a ‘human firewall’. “Whether it’s following a link, not patching the hardware or software or not creating a robust framework, humans are involved. It is widely reported that human error and social engineering account for 90 per cent of all data and security breaches.”
A starting point for secure work strategies
Each business faces its own unique challenges, but forming a holistic strategy encompassing the variables of hybrid work should be the priority.
“We found in our survey that only 15 percent of companies know within an hour that they’ve got hit, and only ten per cent of those could do something about it,” says Reay. “So that speaks to having a combined approach around people, technology and processes coming together. Really think about that — know you’re under threat, think about who you’re partnering with, and then pick the tools with the highest efficacy.”
Consider the following areas as starting points in a hybrid work cybersecurity strategy:
- Education: Ongoing training around cyber hygiene is vital, with password policies, installing the latest software updates for your devices to patch against vulnerabilities and limiting access to your most valuable data are some quick wins.
- Multi Factor Authentication: this is the most effective way to ensure that users are who they say they are.
- The right tools: Email and web security are priorities since they remain the primary methods for delivery of ransomware and malware. Also, Anti-virus or Anti-malware software is recommended to protect the devices we are connecting from.
- A trusted partner: Some cybersecurity can be handled internally, but an effective cybersecurity partner is money well spent. “Pick someone that you trust and work with them to really have a data-protection approach, because your data is your crown jewels,” says Reay.
As the hybrid work model shifts into permanency, the nature of cybersecurity is changing. As SMBs face a greater threat from cyber attacks, it’s important to remember that at its most basic level, positive changes can be made almost instantly.
Actions like employee education, security updates and increased password protections are realistic for any business. At its most basic, simply understanding a business’s vulnerability is half the battle. “Know the value of your data, Know who has access to your data, know where your data is stored and where the back ups are, know who’s protecting it, and know how well your data is protected,” says Reay. “Not many people think it through to this level.”
READ NOW: The leader’s role in hybrid work
Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected. An integral part of Cisco's DNA is creating long-lasting customer partnerships, working together to identify our customers' needs and provide solutions that fuel their success.