Evolving best practices: What’s next for securing remote work
By Scott Burman
Published: 20 Dec 2023
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward?
If there’s one positive from the news stories of cyber attacks targeted at the UK in recent years, it’s that as a nation we’re much more astute when it comes to recognising the dangers. Another is that our businesses, government departments, charities and institutions are finally waking up to the risks posed by cyber criminals.
Britain’s workforce is much more aware of phishing attempts and cyber attacks than it was pre-Covid, partly thanks to the increased media attention from the mainstream press, specialist trade publications, television and radio. Three years post-Covid, the landscape of end-user cyber security best practices continues to evolve in response to the persistent trend of remote work. With the widespread adoption of flexible work arrangements, ensuring the security of end-user devices and data has become a top priority. Organisations are increasingly implementing and refining strategies to address the unique challenges posed by remote work environments.
One of the key messages that’s been repeated in the news, and by cyber security observers and commentators, is that it’s now not a case of if but when an organisation will be the victim of a cyber attack. Sometimes it will be obvious because the adversary will demand a ransom fee, but occasionally the organisation won’t even know it has been infiltrated, perhaps because a state-sponsored group has quietly stolen its data.
This important message has been accepted and understood by many company boards and key decision makers. Gradually, more executive teams are taking action. Everyone is vulnerable but everyone can take positive action to protect themselves and to prepare to respond in case they are compromised.
Increasingly, companies are training their employees on phishing attacks and regularly testing their ability to spot malicious messages and raise the alarm. This should be standard practice, and ongoing cyber security training for remote employees is essential. This includes awareness programmes on phishing attacks, social engineering tactics and other cyber threats to enhance the human firewall. According to the latest Microsoft Digital Defense Report, phishing attempts made up 25% of all cyber attacks between July 2022 and June 2023. Employees can be the first defence against such threats.
While the old style of security involved building a strong, high fence around the organisation’s assets and assuming nothing gets through, this method is now out of date. As the IT estate has become so large, varied and complex, with employees using smartphones, apps, hybrid cloud platforms and more, the best approach today is to monitor all assets regularly and assume that cybercriminals still get through. This may make it seem as though an organisation isn’t trusting its defences,

