3 Major Security Risks Of A Hybrid Working Model

In Australia, we saw an increase in the number and sophistication of cyber threats, making crimes like extortion, espionage, and fraud easier to replicate at a greater scale. The ACSC received over 76,000 cybercrime reports, an increase of nearly 13 percent from the previous financial year. This equates to one report every 7 minutes, compared to every 8 minutes last financial year.

Keeping a business running during the global pandemic resulted in many companies adopting a remote-work system. Now that the world is approaching a post-pandemic era, the question is whether to switch back to on-site work or carry on with remote work.

Many companies’ current working landscape is a hybrid working model—with team members working either in-office or remotely. Studies conducted in early 2022 show that 78% of people working remotely would choose to continue doing so. Further, 61% of remote team members do it by choice.

While this hybrid workforce may be beneficial, it poses some challenges regarding cyber security. Here are three of the most significant cyber risks to prepare for when your team is distributed between the office and their home:

It’s given that someone working from home will require an internet connection to perform their duties. The most likely scenario is that these individuals will be operating across their at-home internet connection. While home networks are mostly secure enough for personal use, they may pose certain security risks when the business comes into play.

Home networks can be targeted and hacked. In the eyes of malicious hackers trying to access company data, it’s much easier to target a remote worker’s home network than a monitored, protected business network.

One of the biggest risks of home networks is that most routers are made with preset administrator login credentials, which are usually publicly available. It becomes a simple backdoor for hackers to enter through if left unchanged. Home networks and personal devices may also lack secure firewalls, posing an additional security risk.

Companies can mitigate this risk by ensuring team members take specific security protocols on their home networks and devices. For example, the company may provide firewalls, antivirus and network security services to remote workers. Alternatively, providing remote team members with a company network and device may be beneficial, only to be used for work purposes. This network and device can then be set up with a company-wide cyber risk plan.

It’s no secret that public networks are some of the most unsecured internet connections available, even for personal usage. When it comes to business, public networks should ideally be avoided altogether. However, with a hybrid workforce, it’s nearly impossible to control where your remote team members work and which networks they’ll have access to.

Public networks are like a hacker’s playground. They can be infected with malicious software, which may allow hackers to ‘snoop’ on someone’s network activity, steal data and collect login credentials.

Such networks may also lack secure encryption, allowing a potential leak of sensitive data. Moreover, malicious users can install their access point to a public network, acting as a ‘middle-man’ as individuals unknowingly transfer data through this unsecured and dangerous access point.

From a business standpoint, managing the cyber risks of public networks should include educating all team members about cyber safety and threats associated with public networks. If at all possible, the business can prohibit the use of public networks when working out of the office. Using a virtual private network (VPN) may also improve security and anonymity on, but not limited to, public networks.

Phishing emails are fraudulent cyber-attacks intended to trick individuals into revealing user data like login credentials or personal information. These attacks typically take the form of an email meant to incite a user to enter such data into a fake, disguised login portal which then sends this data to hackers.

What’s more, the number of phishing attacks increased during the height of the pandemic as businesses started remote working—they currently are responsible for nearly 70% of company security and data breaches. These attacks can pose a significant risk for companies using remote or hybrid working, as it can be difficult keeping track of all the distributed devices accessing company data and accounts.

Phishers know that individuals may not recognize when an email is fraudulent, and that remote workers often don’t have a nearby coworker to consult on a suspicious email. Common phishing attacks include emails urging immediate password updates, policy updates, pandemic-related emails and payment information queries.

Handling the cyber security threats of phishing can be achieved by ensuring that all employees are informed of these risks and aware of phishing emails. Forming a communication structure between company-related emails and staff is a possible prevention method. This way, team members can immediately identify phishing attempts falling outside official company communication guidelines.

Nowadays, enterprise security can’t be taken for granted. Cyber-attacks are everywhere, and cybercriminals are constantly developing new schemes to break company security. The hybrid working model may expose large and small businesses to various security risks like sensitive data leakage, password theft, and personal data theft. These can occur through unsecured networks like home and public Wi-Fi and phishing attacks.

Fortunately, your business can achieve a safe hybrid working model. Encouraging cyber security awareness, maintaining safety standards and forming a small business cyber security plan can help keep your business and team members safe as they perform their duties online.

1. CISA. “Home Network Security | CISA”. Cisa.Gov, 2022. https://www.cisa.gov/uscert/ncas/tips/ST15-002.
2. Liu, Jennifer. “61% Of People Working From Home Are Doing So Because They Want To, Even Though Their Office Is Open”. CBNC, 2022. https://www.cnbc.com/2022/02/18/people-are-working-from-home-out-of-preference-not-just-necessity.html.
3. Microsoft. “Microsoft Digital Defense Report – Microsoft Security”. Microsoft.Com, 2022. https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report/.
4. Williams, Shannon. “Phishing Email Attacks Targeting Remote Workers On The Rise”. Securitybrief Asia, 2022. https://securitybrief.asia/story/phishing-email-attacks-targeting-remote-workers-on-the-rise.