Locks and Security News: your weekly locks and security industry newsletter
20th October 2021 Issue no. 578
As Cybersecurity Awareness Month begins, BSI advises cyber caution to organisations exploring new hybrid ways of working
With Cybersecurity Awareness Month kicking off, the importance of having secure IT systems and effective cybersecurity practices in place for organizations developing a hybrid working program is thrown into sharp relief.
Over the past eighteen months, many have wondered what the next normal would look like once organizations began allowing employees to return to the office in the post-pandemic era. However, as many societies have successfully begun to manage the spread of Covid-19, it has become the case that where an employee spends their working hours can largely depend on the approach preferred by their employer.
For example, tech and telecoms companies have unsurprisingly been found to be more in favour of remote or hybrid working than their counterparts in more traditional sectors such as financial services. Employees are now even beginning to leave their jobs to find an employer willing to allow them to adopt a more flexible approach to working. This trend of wide swathes of the workforce leaving for other opportunities has been dubbed the 'Great Resignation' and is becoming more prevalent in countries across the globe. In fact, a recent survey found that over a third of respondents would quit their job if forced to work from an office full-time again.
While remote or hybrid working allows for a better work-life balance and increased productivity levels in many cases, it also adds to the risks and vulnerabilities that organizations must consider when designing and adapting their cybersecurity measures. Hybrid working has made IT systems and networks even more challenging to secure. For example, in a recent survey conducted by our partners Exonar, over a third (36%) of home workers have downloaded unapproved software onto computers to communicate with colleagues during homeworking. This, combined with the added difficulty of understanding global data governance and compliance laws, has substantially increased the number of opportunities for network breaches and security infringements to occur. In fact, less than half (39%) of those working from home claim to have a high level of understanding around their company's data protection policies.
Even if employees spend only half of their working hours in their home offices moving forward, it presents a situation ripe with serious cybersecurity issues. Organizations adopting such hybrid models should be continuously monitoring and analysing systems for vulnerabilities to ensure that none of a network's components fall behind on patching and update management. Moreover, if employees are bringing their own devices into the office after using them when working at home, organizations will need to consider the reduced state of security that characterizes most home networks and devices. Systems will need to be devised for device testing, and sanitization procedures should be established before allowing unvetted devices to access a corporate network. As well as testing their devices, organizations should be testing their employees too. Phishing attacks remain an easy route into corporate networks, which makes employee awareness training pivotal in helping employees to spot these attacks and other types of malicious cyber activities that could potentially lead to ransomware attacks, data breaches and system failures within their organization.
The move to hybrid ways of working is not the only reason organizations now need to adopt more robust cybersecurity strategies. The frequency, severity and sophistication of cyber-attacks have all increased substantially since the beginning of the pandemic. Given today's cyber threat landscape and the emergence of new technologies, it is imperative that organizations have the correct protocols, policies and procedures in place to keep their information safe, data secure, infrastructure robust and ultimately, make them resilient. BSI is at the cornerstone of shaping such resilience, sharing and embedding best practice for organizations across the globe.
'With more than 20 years of expertise in cybersecurity, data privacy and business resilience consultancy, I've seen many different ways in which a weak approach to cybersecurity leads to difficulties and disruption, and most of these situations have stemmed from a lack of awareness,' says Mark Brown, Managing Director - Cybersecurity and Information Resilience at BSI. 'The advantages of working from home are just as appreciated by those looking to take advantage of a lack of cybersecurity in personal office environments. Educating the people that make up corporations is ultimately the best course of action and has become so much more important due to these new working models. That's why we're increasing what we can offer for organizations that work in this hybrid way, and why introducing and educating through our expansive portfolio of cybersecurity and information resilience services is so crucial.'
The new hybrid working model has many benefits, and moving back to a full five-day office-based work environment so soon post-pandemic certainly has its potential pitfalls. But with the right contingencies and fail-safes, new approaches to hybrid ways of working can become a more effective and more secure way of working for organizations looking to the future. BSI's Consulting Services for Cybersecurity and Information Resilience is specifically tasked with providing cyber risk advisory and security testing services to clients, looking at areas like data privacy, compliance and governance, as well as niche capabilities such as e-discovery and e-forensics. In addition to these core services, a large number of new and enhanced services directed at overcoming the threat involved with emerging technologies such as Artificial Intelligence, Machine Learning, 5G, Blockchain and Industrial security are also offered by BSI, including but not limited to OT and IoT security, penetration testing in technology arenas such as infrastructure, network application, attack simulation and red teaming exercises.
About BSI Consultancy Services
BSI Consultancy Services provides expertise to clients on the identification, protection, compliance and management of their information assets through a combination of consultancy, technology, research and training. Its mission is to help clients achieve Information Resilience - an environment where infrastructure is protected and secure, regulatory and compliance obligations are met, people are safe, and reputation and trust are maintained. The experience and expertise of the company's highly qualified consultants cover the entire Information Governance landscape.
The company's credentials are enhanced by adherence to internationally recognized accreditations and certifications (CREST / Cyber Essentials / Payment Card Industry Data Security Standard Qualified Security Assessor). BSI is the originator of the ISO/IEC 27000 series of Information Security Standards and the global leader in providing training and certification to ISO/IEC 27001, the established best practice in Information Security Management Systems (ISMS).
For more information visit www.bsigroup.com
13th October 2021