Although COVID-19 guidance currently sees many business shift back to working from home, hybrid working became the norm last year, with organisations embracing this flexible way of working. 

It has seen businesses transform the way they work, rethinking old systems and putting in place new technology to allow for a more flexible working week. While the opportunity for more work-life balance has been a fundamental benefit, the change brings IT vulnerabilities that we must be considerate of. 

Cyber-attacks have increased over the past year, with over 5,200 data breaches confirmed globally in 2021 so far, a sharp increase on the 3,950 reported in 2020. With businesses more vulnerable to online scams and hackers, putting processes in place to help withstand an attack is vital. 

At IONOS, we wanted to explore the impact of hybrid working on current cyber security priorities and wider IT concerns, commissioning research to explore the biggest security risks faced when it comes to this new work model. Conducted by Censuswide, we polled 557 IT decision makers to understand the current challenges, as well as attitudes on how organisations can stay safe and secure.  

The first area explored the biggest security risks. User devices acting as gateways for malicious attacks were the biggest concern, followed by employees being less attentive to risks when at home and user devices being away from the corporate network for too long. 

Four in 10 also admitted to their business having a cyber security skills gap, with a third saying this is putting their organisation at risk. Cyber threats mixed with this IT skills gap is a worrying combination and all the more reason businesses must take action to stay secure. 

Managing data in line with legislation, like EU GDPR laws, is essential and hybrid working adds another layer of complexity to this. Worryingly the survey showed that it is having a negative impact, with over a third asked stating that working from home means employees are not adhering to data protection standards. Education and awareness is paramount if teams aren’t clear how this legislation applies to their everyday responsibilities, as it can result in significant monetary fines and reputational damage. 

Legislation is not the only concern for senior leaders when considering the impact of hybrid working. The survey found that over two thirds of respondents say hybrid working is adding more pressure to ensure the business is prepared for cyber security threats, showing this is an added burden for stretched IT teams. With this in mind, senior leaders and the wider business must understand the potential issues and play their part to reduce the likelihood of an attack taking place. 

While the evolution of the workplace continues, almost three quarters agreed that their business must communicate more regularly about the increased cyber security risks this produces, and two thirds also want to see greater support to help them ensure the business is prepared against threats. Investing in more education for employees on cyber security risks and putting longer term strategies in place were the two key areas IT professionals believed their businesses need to focus on to improve security. 

Mandatory staff training, appointing cyber security and data protection champions, and circulating reading materials can be simple but effective ways to boost awareness and educate employees. 

Steps like this can help equip employees with the skills to spot enhanced phishing and ransomware attacks, an important part of the puzzle when managing cyber-attack threats. 

The data shows there’s work to be done, but it’s positive to see that businesses are already taking action to implement change. 67 per cent of IT DM’s asked agree that the business they work for is putting enough funding into updating its cyber security strategy in the face of hybrid working.

Cloud-based IT operating models were another solution for cybersecurity highlighted in the research, and the two main methods being explored were increasing the use of hybrid cloud management and moving workloads and applications to the private cloud. 

The complexity of managing hybrid working environments means considering a multiple cloud strategy to address different use cases can be hugely beneficial to not only address cyber-threats but manage sensitive data securely as well.

Businesses may also want to consider mitigating risk further by working with European-based cloud providers that adhere to GDPR – rather than those that must also work under laws such as the US CLOUD Act.

Action must be taken to protect businesses before it’s too late. Whether that’s an improved training programme, upskilling teams or investing in an improved cloud strategy to provide flexible, scalable and secure platforms, these all play a crucial role in keeping businesses protected.

For those unsure where to start, external cloud providers, like IONOS, can work with IT teams to put a strategy in place tailored to your business’s hybrid working needs, while offering an extra layer of defence and additional knowledge on ever-evolving cyber threats and legislation changes.

For more information on IONOS Cloud, or to speak to an IONOS expert, visit: https://cloud.ionos.co.uk/

Peter Prahl is responsible for the international cloud business, digital sales, and alliances with cloud-native consultancies and technology partners. In this role, he focuses on both the international expansion and scaling of the cloud business in close collaboration with partners. 

Peter joined IONOS in March 2021 after 8 years of successfully managing and building AWS’ channel and partner business in Central Europe. Since his time at NVIDIA in 2009, Peter has been a cloud-native himself, having implemented the first use cases of cloud computing in the field of visualization and rendering for the automotive, architecture, and entertainment industries.