Navigating cybersecurity in a hybrid world

Navigating cybersecurity in a hybrid world

With hybrid working set to become a permanent part of professional life, concern about computer security abounds. Here, we offer tips for tackling the threat of cybercrime.

The experience of the last 16 months has meant that many office workers have been based at home.

This approach has allowed businesses to carry on functioning, but it’s also presented a bonanza of opportunities for cyber criminals looking to exploit new vulnerabilities in companies’ IT systems.

Rising cybercrime

An INTERPOL assessment of the impact of Covid-19 on cybercrime showed a significant shift in hackers’ focus from individuals and small businesses to major corporations, governments and critical infrastructure. According to the report, criminals began taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.

Cyber scams cost UK businesses more than £6.2m during 2020, with losses increasing by 31% during May-June, at the height of the pandemic. The most common type of attack was hacking through email or social media, which accounted for 53% of attacks over the year and losses totalling £2.9m.

The shift to hybrid working

Statistics like these may make worrying reading for business leaders as we enter a new world of work – one where the hybrid model looks set to become standard and people want to continue working from home. 

Forward-looking firms now recognise the advantages of hybrid working for employees, profits and the planet, and have taken steps to commit to this approach for the long-term. IWG has signed groundbreaking deals with Standard Chartered bank and NTT in the first half of 2021, with new partnerships adding more than a million users to its global network of flexspaces in the past six months. 

This new era offers opportunities for businesses, investors and employees – but it’s important that cybersecurity isn’t forgotten as we adjust to the change. 

“From a hacker’s perspective, the aim is to gain access to data – ultimately, data is the new oil,” explains cybersecurity expert Jason Hart. In a post-pandemic world, he says, “More people than ever before are handling data, which in turn amplifies the risk for organisations.”

According to Hart, cybersecurity is dependent on “three core areas: people, process and technology”. Here, in line with these priorities, we look at key ways your clients can shore up their systems. 

Personal and business passwords

Hart cautions that the most important line of defence against hackers is the password, but points out that “90% of people use the same password for both personal and business life, typically based on combinations of a person’s interests, hobbies or children’s names.” 

“You end up with a set of passwords that you commonly use – so that’s the first problem,” says Hart. “The solution is for organisations to ensure that their employees use a different type of password in their business life to their personal life in order to create a silo effect: business life, personal life – two separate worlds.”

Setting up additional methods of authentication is also worth considering for hybrid workers. The Microsoft Authenticator App, for instance, adds an extra layer of security by requiring users of Outlook email software to confirm their identity via their mobile device before access is granted. 

Process and technology

Then there’s the ‘process’ aspect of cybersecurity. “When an employee receives an email or a phone call purporting to be from the [company] support desk,” says Hart, “that employee needs to ask themself whether that’s normal.”

It’s vital for employees to be sure about what information they will be asked for during conversations with colleagues. Without a clear policy in place, there’s room for confusion – and this represents opportunity for cybercriminals. 

"Companies assume technology solves all [cybersecurity] problems,” Hart argues. “But actually… what hackers will do is look at technology, people or processes within an organisation, and then identify weaknesses within the process and the people in order to circumvent the technology.”

How flexspace can help

Providing employees with access to flexible workspaces is one way to mitigate the cybersecurity risks posed by home working, which can include poorly protected WiFi networks.    

All of IWG’s flexible workspaces, including Regus and Spaces locations, have business-grade WiFi as standard, as well as stringent security systems that are continuously checked for resilience. 

“Even though our offices have different companies using the same network, we make sure that one client can’t connect to another [via that] network,” says IWG’s Information Security Manager Ran Haer. “And while we don’t touch our clients’ data, we do provide them with different network services, all of which have security embedded. 

“We use penetration testers, also known as professional hackers: a specialist team who go into centres and test the systems. If a new service is installed or product released, we’ll bring in the team and they’ll try to break it. We are continually checking everything behind the scenes to provide a flawless customer experience.”

Above all, says cyber security expert Hart, “Businesses need to ensure that… their workforces are alert to the potential threats and acquaint their people with appropriate company security processes in order to keep bad actors out of the company network.”  

In a world where workforces are likely to be more distributed than ever, combining well-defined company IT policies with access to well-equipped, close-to-home flexspace is perhaps the best way to ensure the hybrid working future is as secure as the office-based past.

An industry leader for more than 30 years, IWG is helping both businesses and brokers find the flexspace solutions they need in this new world of work.


BACK TO RECENT ARTICLES