The concept of hybrid working is actually nothing new. Neither is the concept of remote working. What is new is the scale with which they are being adopted in the modern, digital world.
Employers have to be careful to ensure that the advantages of this approach are not lost due to cyber-attacks. Here, Luke Watts, Managing Director at RoundWorks IT shares his insight into Hybrid Working and how businesses can move forward.
Remember employees are not freelancers
This may seem like stating the obvious, but this fact has significant implications for cybersecurity. The key difference between an employee and a freelancer is that an employee provides their time whereas a freelancer provides their services.
As such an employer can, and indeed often must, take more responsibility for employees than for freelancers. On the other side of this, an employer also has the right to insist that employees follow agreed working practices. Employers can use this to ensure that effective cybersecurity protocols are followed.
Be aware that workspaces vary
Realistically, what you can expect from remote workers in terms of workspace is likely to depend on the grade of their role. For example, entry-level/lower-paid workers are more likely to live in smaller homes. They may therefore not have space for a proper home office even if they prefer working from home (at least some of the time).
For more senior roles, by contrast, it may be practical, if not essential, to insist on proper home offices as part of the hiring process. It may also be practical to insist on fully remote workers having proper home offices even for entry-level/low-paid roles. Fully remote workers have the option to move further away from cities where property is often much more affordable.
When workers have limitations with their workspaces, then employers may need to step in to counterbalance them. In the context of cybersecurity, for example, you could counterbalance open workspaces by giving employees privacy filters. Using privacy filters means that screens can only be viewed straight on, not from the left or the right.
It is also advisable to give your employees comfortable headsets. Typically, employees will be the ones asking other people security questions. It is fine if these are overheard but the answers to them must be kept private. If employees are discussing sensitive information, then you may wish to issue them with soundproof panelling.
Never trust external networks
The issue of employees’ having a potentially insecure network is an easy one to fix. Just use an effective VPN (Virtual Private Network).
Never allow employees to use their own devices
It is fine to allow employees to use their own smartphone or tablet to access authentication apps. It can be acceptable to allow them to use their own phone (smart or otherwise) to receive authentication codes by text. The main reason this is not ideal is that text messages are reliant on third parties to deliver them. They can also be intercepted e.g., by “simjacking.”
Otherwise, employees should never use personal electronic devices or accessories to work from home. You should supply them with anything and everything they need. If you have not already supplied your employees with IT equipment, then now is an excellent time to consider your options.
Windows versus other options
For decades now, Windows has been the default option for most businesses. Now, however, Windows 10 is due to be retired on 14th October 2025. It will be replaced by Windows 11. The change does, however, create a further reason for businesses to assess the competition.
Macs have long been a formidable force in education and the creative industries. Over the last couple of years, however, they have been gaining more ground in business as a whole. Although coincidence does not mean causality, it seems highly likely that the growth in Mac usage by businesses was a direct result of the switch to hybrid-/remote-working.
Macs are definitely not hackerproof, but they are much more difficult to hack than Windows PCs. In simple terms, this is because macOS is structured very differently from Microsoft Windows. Prior to the pandemic, the extra security this offered was often not enough to tempt businesses away from the familiarity and affordability of Windows. Now, however, the situation is different.
Another exciting development is that ChromeOS has now reached a point where it can reasonably be considered a mature operating system. ChromeOS is a close relative of MacOS and hence relatively difficult to hack. Chromebooks, however, are much more affordable than Apple devices. They could therefore be an excellent choice for modern businesses.
Never keep data on endpoints or local storage media
The term “endpoints” basically refers to any device used by employees. It includes computers, tablets, and smartphones. Local storage covers everything from hard drives (portable and otherwise) to USB sticks via CDs/DVDs and memory cards. Keep all data in the cloud.
If you run your own cloud system, then security is entirely your responsibility. If, however, you use a third-party cloud vendor, then security is a joint responsibility. The cloud vendor is responsible for protecting its servers against external threats. You are responsible for ensuring that your cloud accesses are properly managed.
This means that you need robust access-management protocols. Your starting point is making sure that people only have access to what they need. You need protocols for their access to be reviewed any time there is a change (e.g., they move role). It is also advisable to make periodic checks on whether or not employees who have not changed roles still need all their accesses.
Additionally, you need to ensure that employees are being properly verified before they access company systems. For practical purposes, this means two-factor or even multi-factor authentication.
Vet your employees thoroughly and train them well
Neither of these requirements is remotely unique to hybrid-/remote-working but they do take on a whole new level of importance in these environments. You need to be able to place an even higher level of trust in employees working at a distance to you than you do in ones you can physically see.
You can only do this if you are sure you’ve picked the right people and given them the right training. This training should include how to get help if they need it. Ideally, help should be available through at least two channels, for example, online ticket and phone.