Why are so many companies still on the back foot with secure hybrid working?

By Jon Fielding, managing director EMEA of Apricorn.

  • Wednesday, 28th September 2022 Posted 2 years ago in by Phil Alsop

Two and a half years on from the onset of the pandemic, and hybrid working is here to stay. According to a February 2022 survey from the UK Office for National Statistics, 84% of workers who had to work from home because of COVID-19 protocols said they planned to carry out a mix of working at home and in their place of work in the future.

However, despite the dust having settled long ago, many organisations continue to struggle with hybrid working from a security perspective.

Apricorn’s latest survey of UK IT leaders suggests that remote workers continue to pose a major threat to data security. Not only did more than 60% still expect that mobile/remote workers will expose their organisations to the risk of a data breach, but almost three in 10 confirmed that their organisation’s mobile/remote workers have knowingly put corporate data at risk of a breach in the past year.

What is also concerning is the fact that threat actors are clearly targeting this potential weakness. When questioned on the main causes of data breaches within the organisations, IT leaders primarily pointed to phishing emails, with 40% citing it as the main cause of a breach. Interestingly, this has increased from 35% in 2021 and is more than double the 19% that was cited in 2020.

Within this context, it is perhaps of little surprise that the number of organisations reporting breaches to the Information Commissioner’s Office has steadily increased from 25% in 2020 to 37% in 2022.

Threat actors are increasingly targeting the individual, and organisations are struggling more than ever to mitigate the potential for negligence or human error that continues to result in breaches.

A combination of problems

Unfortunately, there is not one single or simple reason why so many companies are still struggling with security despite organisations and employees now having settled into hybrid working scenarios.

Part of the problem continues to be accidents and errors that are, to some extent, hard to avoid.

Indeed, 37% of IT leaders stated that employees are continuing to unintentionally put data at risk, with 21% also stating that lost/misplaced devices containing sensitive corporate information were a major problem. For these reasons, as many as 21% state breaches were mainly down to remote and mobile workers.

At the same time, organisations themselves are continuing to struggle with the heightened importance of and reliance upon technologies that hybrid and remote working has brought about. In fact, as many as 42% stated that managing all the technology that employees need and use for mobile and remote working is too complex when implementing a cyber security plan.

Combine these problems with the fact that attackers are increasingly adapting their tactics and techniques to be successful in a new world of remote and hybrid working, and the multitude of challenges facing organisations from a security perspective are clear.

Four key security tips in the hybrid era

For too long, too many organisations have attempted to manage the transition to hybrid and remote working by opting for quick fixes and temporary solutions. Yet these have inevitably left gaping holes in security strategies.

If these haven’t yet been adequately addressed post pandemic, they must now be tackled as a matter of urgency, which begs the question – exactly how should organisations be updating their security strategies to be more effective in the modern era?

Thankfully, there are several simple steps that organisations can take. Here, we’ll outline four that are worth seriously considering.

1) Locking down endpoints

Organisations are increasingly recognising the importance of endpoint controls as hybrid working has become the norm. By protecting the endpoint, organisations can place trust in the integrity of their data and systems wherever an employee is accessing them, and whatever device they’re using.

By now, IT security professionals should have implemented corporate usage policies, and provided secure devices that mitigate the inherent risk of a ‘bring your own device’ strategy that was turned to out of necessity in some cases at the onset of the pandemic. Those who haven’t yet done so are behind the curve in protecting internal systems from insecure and unmanaged devices and must put policies and devices in place immediately.

2) Backing up data

Of course, no single solution will solve the security conundrum facing modern organisations. To gain greater peace of mind, firms should also look to implement effective backup strategies.

According to recent Apricorn data, nearly six in 10 of those organisations that have backups in place acknowledged they did so via an automated backup to a central repository only. This is concerning – indeed, a sole backup location risks costly business disruption if a business suffers a cyber-attack or a technical issue that renders that service or their data unavailable.

Instead, companies should look to embrace the ‘3-2-1 rule’: have at least three copies of data, on at least two different media, with at least one copy held offsite. Equally, the recovery process must also be rigorously and regularly tested to ensure full data restoration can be achieved effectively should a breach take place. Should we mention the 26% failure to completely recover back up?

3) Ensuring employees understand their role in security

Education equally has a critical part to play in helping to strength a company’s security posture.

By ensuring that staff themselves fully understand the specific threats the business faces, the risks associated with mishandling information, and the potential consequences to the organisation of a breach, greater consciousness can be instilled, and behaviours improved.

4) Leveraging the right technologies and tools

Fourthly, firms can leverage a series of additional technologies and tools to bolster their defences.

Data encryption, for example, can help to mitigate the biggest challenges faced by organisations when implementing a cybersecurity plan for remote or mobile working, helping to stay ahead of evolving cyber threats, comply with legislation and mitigate human error.

Interestingly, 16% of the IT leaders surveyed by Apricorn admitted that a lack of encryption had been the main cause of a data breach within their company, up from 12% in 2021.

Don’t risk becoming another statistic – now is the time to make a change. By leveraging a combination method such as endpoint protection, backups and encryption, you can enhance your security posture and dramatically reduce your risk levels with ease.