There has been a serious culture change over the last two years, with many organisations having now adopted a hybrid working model. While initial concerns focused on infrastructure, equipment, and bandwidth provision, workers are now far more accustomed to working from home. However, organisations are now far more vulnerable to security threats than ever before. Security teams will have built policies and procedures that protect individuals and their wider infrastructure. With the reliance on personal devices, cloud networks, and remote access technology, it is fair to say that employees have been operating outside of the traditional IT safety-net – there is a real risk of employees making bad choices. If remote working is to continue at this scale, businesses must implement the correct tools to minimise their exposure and mitigate potential threats.
The threat landscape is constantly evolving, so organisations need to keep pace and ensure that they are regularly reviewing and upgrading their defences. Some approaches that worked just a few years ago are now obsolete, and attackers change their profile far more quickly now, so it is incredibly difficult to identify which packet requests are nefarious. To minimise the risk of attacks, organisations should implement a training session for staff members as soon as possible, so they can fully understand the risks associated with using their own devices. This will help staff members collectively understand the core best practices, including data security management, enforcing strong passwords on personal devices, and safer habits online. To keep the information fresh in all staff members' minds, this could be carried out every few months, depending on the scale of the organisation.
Moving forward, IT departments must be able to maintain proficient security protocols or policies for years to come. Inevitably, this means increasing the number of IT security staff and ensuring all staff are sufficiently trained, even if only in basic cyber skills. The first line of defence for organisations to stop some attacks is simply to educate employees about the dangers of clicking on links. Employees need to be well trained in cybersecurity best practices covering phishing and data sharing, keeping software updated, using unique strong passwords, and enabling two-factor authentication.