The blind spot in your hybrid working model to address now

Peter is a former Deputy Director at the National Cyber Security Centre (NCSC) and now a Partner at Schillings.

Is security one of your top priorities for a hybrid working environment? Chances are, up to this point, you’ve been focused on the logistics of creating a hybrid model: what guidance do you give people, and how can you ensure everyone feels connected? But information security needs to be a major consideration.

Many office staff will have worked completely remotely for 18 months. In many ways this has made security relatively simple – if everyone is working from home, or indeed if everyone is in the office, the threats you face are more predictable and more straightforward to mitigate. But it looks increasingly likely that for most of us, the future is hybrid – with a mix of some home working and some office working. The more contagious delta variant and surging COVID-19 cases might be complicating the issue, but now is still a good time to remind staff that security is everyone’s responsibility and not just an IT problem or a problem for the security team. Here are my top tips on where to start…

Physical security
There is a whole raft of physical information security issues quite apart from the myriad issues with electronic devices. First and foremost is the need to remind staff of the need to collectively protect their working space. At home they didn’t have to worry as much about shared working areas or physical security – they would be answering the door themselves and not letting strangers into their home. Back in the office, they need to remember not to hold doors open for unauthorised staff and not allow tailgating. Switching from the home to office environment on an almost daily basis will make it even more important to remind them of the importance of good physical security.

There is a chance that new staff may have joined the organisation and never visited the office, but this is not a reason to stop challenging people you do not know. In fact, it may be a good excuse to get to know your new colleagues better. Also remind staff about not working on (or speaking about) sensitive assignments on public transport. The business environment has never been more competitive and the drive to steal a march on competitors may result in more direct means of trying to obtain information about that next deal, pricing or mergers and acquisitions.

In the office you may have had a clear desk policy – not something that you can check on in somebody’s home. But what about all the documents that staff felt they had to print out on their home printer?

Secure destruction
Now is the time to remind staff to shred sensitive documents once they have finished with them, whether at home or at the office. If there has been a build-up of sensitive documents to shred at home, arrange for these to be brought safely into the office. Staff should not use domestic straight shredders for sensitive documents – straight shredded paper can be reconstructed (it might take several hours, but I have seen it done). Either use the services of a reputable shredding company (some will shred documents in their vehicle outside your office) or use a cross shredder.

Office equipment
Things may have changed since you were last in the office, but you should be wary of any physical changes and if you see any new equipment, find out where it has come from and why. If you still have fixed desktop computers, check the back to see if there is anything out of the ordinary – key logging devices (that can capture passwords etc.) are easy to attach.

Find out from your IT provider/IT team whether there have been any changes to the WiFi network and adjust user logon and password details as appropriate.

Reinforce the importance of the security of laptop and tablet devices and remind users to lock their screen when away from their device and lock away laptops when not being used. These good habits are not ones that will have been necessary in most home environments but are essential to reduce the risk of insider threats and the threats from external parties. With all the changes of location going on, it is also a good time to remind staff not to write down passwords.

Finally, check the log files and CCTV for any in-house servers within your communications rooms (if you haven’t moved completely to the cloud) to see if there has been any unusual activity.

With many offices being unoccupied for the past 18 months, there may have been opportunities for adversaries to place listening devices ready for the resumption of sensitive face to face conversations.

Personal devices
In the rush to ensure all staff were able to carry on working remotely, some employers allowed staff to use personal devices for work. Unfortunately, these staff were much more likely to take risks with company data, like connecting to unsecured networks or sharing confidential files via email. Understandably, many firms adapted security policies or were less stringent in enforcing them with remote working. Now is the time to take back some control and examine company security measures to ensure they are not too complex or hindering productivity. Look to roll out business devices where personal devices have been used.

Returning laptops to corporate networks after they have been attached to unprotected home WiFi for so long is a risk. Malware (malicious unapproved software) could have been downloaded onto laptops and be lying dormant, only to be brought back to life once attached to the corporate network.

To check this is not the case, your IT team or provider should:

Step 1 – Carry out an audit of what staff want to bring back into the office

Step 2 – Quarantine devices

Step 3 – Check to see all (personal and corporate) devices are patched up to date

Step 4 – Review and re-write your BYOD (Bring Your Own Device) policies

Step 5 – Review and consider the use of encryption on mobile devices

Step 6 – Review/audit your security controls. Those with corporate devices may have had security controls altered during the pandemic to accommodate home working – e.g. having Bluetooth or USB enabled. These could present a risk if left unchecked as staff gradually return to the office.

With a return to commuting and people not being used to having their work overlooked, privacy screens for use on public transport will help mitigate the risk.
