Hazlewoods is an independent member of HLB, a global network of independent professional accounting firms and business advisers, ready to assist you no matter where you want to do business.
In light of Cyber Security Awareness Month, this past October 2021, HLB did some international research and surveyed 136 IT professionals, interviewed HLB cyber security experts about today’s cyber risk landscape, the lessons learned and the road ahead for CTOs to protect against cyber crime in the age of hybrid working.
“It is clear the pandemic changed how we view cyber security. Awareness has been elevated, and this was fuelled by remote working.” says Partner, Scott Lawrence.
Hybrid work is the future of work: Managing cyber risk
The COVID-19 pandemic saw governments implementing restrictions which left companies with no other option but to adapt. The pandemic has broken through barriers that prevented remote work in the past, setting in motion a structural shift in terms of where our work takes place.
2020 saw business leaders putting technologies in place to get employees set up for remote work. Whilst cyber security was important, the most important thing was to successfully implement remote working.
However, with organisations turning to the cloud to support a hybrid workforce, the increasing reliance on online software poses a considerable cyber security risk.
Workers and businesses have now embraced the hybrid work model, with 44% of respondents feeling well-prepared for hybrid working and 44% feeling somewhat prepared. This means that, when it comes to cyber risk, business leaders have now been able to move from being reactive to being proactive.
As we look ahead to the future of work, cyber security solutions play a prominent role.
To retain talent, companies want to continue offering flexibility and hybrid work options, whilst also protecting their organisations from cyber threats. The majority of respondents said they had adjusted their cyber security strategies and protocols, with 44% saying they changed them somewhat and 39% saying they changed them drastically.
Cyber security policies should cover mobile and desktop devices, social media use, email security and should also consider the cyber security risk of any third-party.
Of those who made changes to their cyber security strategies, 39% increased employee training, 36% increased their budget and 12% invested in a cyber resilience programme.
Furthermore, 28% of survey respondents reported implementing a framework, which typically includes a business continuity and a disaster recovery plan.
Employees are at the core of cyber security
Although organisations implement security measures, employees play one of the most significant roles. Too often, businesses find it is employees who are the weak link in cyber security, and it is key for organisations to focus on staff training and awareness.
The survey found that 57% of respondents take employee education seriously and have a no-exceptions policy, whilst 33% state that they do educate their staff but struggle with employee compliance.
The best cyber security solutions aim to build better habits. Beyond traditional solutions to improve employee education, leadership must model the behaviour and keep communication open to emphasise the importance of cyber security. In the survey, roughly one-quarter of the respondents shifted to cyber security actioning at the senior level, which suggests that leaders recognise a top-down approach is key.
How CTOs meet cyber security challenges
Below are the ways in which respondents address cyber security in their organisations:
- Cyber security services: Hiring advisers as cyber security experts.
- IT employees: Implementing specialised teams to manage phishing and ransomware incidents.
- IT security lead: Creating a new IT job role that oversees all cyber-related duties.
- Analytics: Increasing the use of analytics and security event reporting.
- Cyber security tools: Deploying various tech tools to bolster cyber security efforts, such as cloud services, quarantining unknown emails and encrypting data.
- Policies and protocols: Adopting clear procedures for dealing with suspicious emails, protocols for file retention and maintain a rapid response recovery plan.
- Employee education: Implementing mandated trainings and devising company-wide workshops.
Securing the future
Some organisations lead the industry by adjusting protocols and building new frameworks, whilst others seek out simple best practices and quick wins. Finally, a minority have made minimal changes and continue to retain on-site staff. In these cases, industry, company size or geography may reduce the necessity for remote working, cloud-based tools or off-site security measures.
However, cyber attacks are increasing, regardless of the business size or industry, meaning that a comprehensive cyber security strategy is vital for companies with a long-term hybrid workforce.
For international business enquires, please contact Scott Lawrence on scott.lawrence@hazlewoods.co.uk or 01242 680000.