The IoD website has recently experienced a security breach. Currently this is affecting payments when using a credit card on the website. If you wish to book a course or event, an invoice will be sent to you and payment can be made via internet banking or our phone credit card payment service 0800 846 369. IoD members can find updates on the breach here.

Cyber security advice for boards in the era of hybrid working

With hybrid working becoming part of the new normal, businesses should be careful to factor in cyber security risks when laying out a hybrid working policy.

By Hilary Walton CMInstD, CISO, Kordia
11 May 2022
read time
2 min to read
Screen with coloured computer code on it

As Covid-19 restrictions ease and offices reopen, many businesses are showing a preference towards maintaining some degree of flexible working. Commonly referred to as ‘hybrid working’, the new model sees a return to the office, but with the option of remote working where it suits both employees and managers. While this arrangement promises many benefits, such as increased employee wellbeing, improved productivity and better collaboration, businesses should be careful to factor in cyber security risks when laying out a hybrid working policy.

We provide three key considerations for directors when discussing new models of working:

  1. Assess your risks, and plan around them
    According to CERT’s 2021 quarterly report, phishing attacks went up 28% in Q4. Employee inboxes are still very much the genesis for most cyber-attacks, and understanding just how prevalent this type of activity has become is key to managing the risk it presents. In a hybrid setting, it’s important to look at tools and practices that will protect your workers, wherever work takes place. Directors should be asking their security teams make the time to identify what the greatest threats to the organisations are, and how to plan around these, and how to manage an incident if, and when, it occurs.
  2. Focus in on identity management
    When people are logging into the network from outside the safety of the office, you need to make sure every user is legitimate and has access only to the data and systems they need. Layering identity controls such as MFA and implementing strategies such as Zero Trust need to become the new baseline for accessing your business systems. Interestingly, many cloud based platforms such as Microsoft’s 365 come with identity management tools built in – but an alarming number of businesses haven’t turned these on.
  3. Formalise your hybrid cyber security culture
    With remote working, your employees truly become your first line of defence. Directors should be asking if cyber security teams are delivering regular training and communication that takes into account working remotely. Policies should also be adjusted to take into consideration that as covid restrictions lift, remote work won’t be limited to the home. With business travel opening up for example, new factors such as logging onto public wifi, working off mobile devices on the go, and how to manage physical security and situational awareness when in a public space are key. We’ve all been in a situation where we’ve been able to see the computer screen of the person working in the seat in front of us on an airplane – just one example of why staff need to be vigilant when working in public. 

Related content