
Top Strategies to Strengthen Cyber Resilience for Hybrid Working

A recent survey by Forbes found that 63% of respondents worked remotely or in a hybrid model, showing that even years after the COVID-19 pandemic, hybrid working remains the norm. The importance of securing employees and the systems they access, whether they are working in the office or remotely, cannot be overstated.

Remote and Hybrid Working in the UK: Before and After the Pandemic

According to a report by the Wales Institute of Social and Economic Research and Data (WISERD), just 4.7% of UK employees worked from home in 2019, prior to the COVID-19 pandemic. However, by April 2020, 46.6% of employees did at least part of their job from home, and in 2022, a quarter of all UK employees worked in hybrid environments and 13% were working fully remotely.

The speed and scale at which the pandemic shifted a significant portion of the UK’s workforce to hybrid/remote working underscores the massive increase in cyber threats and incidents that followed, and the challenges that businesses and organisations would need to address in order to adapt. [source: ONS]

Cyber Threats and Risk Implications for Hybrid Working

Cyber Attacks Up 238% Since the Pandemic

According to a study by Alliance Virtual Offices, the frequency of cyber attacks has surged by 238% since the shift to widespread remote working, largely driven by vulnerabilities in home networks and personal devices. Remote work has also increased the cost of data breaches for companies by an average of £104,077 (converted from $USD). Despite this, only 56% of remote employees receive regular cyber security training, increasing the risks for organisations operating in a more digital environment. [source: Yahoo Finance]

BYOD and Home Networks Expand Attack Surface

Research from Lookout found that 32% of remote workers use apps not approved by their company’s IT department, and 90% access corporate networks from multiple locations, including coffee shops and public Wi-Fi, which increases cyber risk. This can also increase exposure to threats like phishing and malware attacks, especially as 46% of employees save work files on personal devices. [source: IT Security Guru]

Common Attack Vectors – An Increase in RDP Abuse

With so many organisations migrating to remote/hybrid working models, threat actors have turned their sights to exploiting remote/virtual desktop technologies as a means of bypassing external defensive perimeters and gaining a foothold on the internal network.

Remote desktop protocol (RDP) is a common method for establishing remote access on Windows systems. A recent report by Sophos found that cyber criminals abused remote desktop protocol in 90% of attacks. This was the highest incidence of RDP abuse since Sophos began releasing its Active Adversary reports in 2021, covering data from 2020.

Remote Work Security Gaps

Cyber security experts also warn that hybrid work models expose companies to new risks. Remote workers who use unsecured personal devices and networks are a target for cyber criminals, who increasingly target collaboration apps like Slack and Teams to launch social engineering attacks. With the introduction of faster 5G networks, attacks on mobile devices are also expected to rise, as noted by UpGuard.

Best Practices and Recommendations for Securing Remote/Hybrid Working Environments

The evolution of digital security is now at a pivotal point. The old models, based on clear boundaries between “inside” and “outside,” no longer hold. IT and InfoSec teams now have to contend with much greater digital attack surfaces, endpoint and firmware management challenges and company-wide adherence to remote/hybrid working policies.

A 2023 Forrester study found that remote and hybrid working models have magnified IT operational challenges for 75% of participating organisations. Below are some best practices and essentials for secure remote/hybrid working models:

Implement Strong Access Controls

Organisations must ensure that only authorised users can access corporate systems. This includes multi-factor authentication (MFA) and device authentication, which requires pre-registering devices before allowing network access. Zero-trust security models that continuously verify user identities and devices are also highly recommended for hybrid environments (Security Boulevard).

Adopt Zero Trust Architecture

Zero Trust is an architectural approach where inherent trust in the network is removed, the network is assumed hostile, and each request is verified based on an access policy. It applies a “never trust, always verify” approach to network security, requiring continuous authentication and least-privilege access so that every request, whether from inside or outside the network, is fully verified before access is granted. Organisations that implement it can significantly reduce lateral movement by possible threat actors and improve security across cloud, on-premises, and hybrid environments. NIST has published further guidance on Zero Trust Architecture.
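A sketch of the per-request check described here and under "Implement Strong Access Controls" (pre-registered device, MFA, least privilege), as an added example that is not from the original article. The device registry, users, roles, resources and the eight-hour MFA window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Everything below is constructed for illustration (assumed names and values).
REGISTERED_DEVICES = {"laptop-0042": "alice", "phone-0107": "bob"}  # device -> owner
USER_ROLES = {"alice": "finance", "bob": "engineer"}
ROLE_GRANTS = {"finance": {"payroll-db"}, "engineer": {"git", "ci"}}  # least privilege
MFA_MAX_AGE = timedelta(hours=8)  # assumed re-authentication window
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed clock for the samples

@dataclass
class Request:
    user: str
    device_id: str
    resource: str
    mfa_verified_at: Optional[datetime]  # None means MFA was never completed
    source_network: str  # recorded for logging only; it never grants trust

def decide(req: Request, now: datetime = NOW) -> tuple[bool, str]:
    """Verify one request against policy; every request gets the same checks."""
    if REGISTERED_DEVICES.get(req.device_id) != req.user:
        return False, "device not registered to this user"
    if req.mfa_verified_at is None:
        return False, "MFA not completed"
    if now - req.mfa_verified_at > MFA_MAX_AGE:
        return False, "MFA stale, re-authenticate"
    role = USER_ROLES.get(req.user)
    if req.resource not in ROLE_GRANTS.get(role, set()):
        return False, "resource outside role grants"
    return True, "allowed"

hour = timedelta(hours=1)
SAMPLES = [  # constructed requests
    Request("alice", "laptop-0042", "payroll-db", NOW - hour, "home"),
    Request("alice", "laptop-0042", "payroll-db", NOW - 9 * hour, "office"),
    Request("bob", "laptop-0042", "git", NOW - hour, "office"),
    Request("bob", "phone-0107", "payroll-db", NOW - hour, "office"),
    Request("alice", "personal-tablet", "payroll-db", None, "public-wifi"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, r.device_id, r.resource, r.source_network, "->", decide(r))
```

The second and third samples come from the office network and are still denied, which is the point of removing inherent trust in network location.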

Develop and Enforce a BYOD Policy, Using Encryption and Backups

Clear policies for using personal devices for work must be established, covering security measures such as mandatory installation of security software and limiting personal use on company devices, while limiting the amount of access through personal devices. This minimises the risk of unauthorised access and data leakage.

Encrypting all stored data on devices used for remote work adds an extra layer of protection in case of theft or unauthorised access. It’s also essential to back up important data regularly, ensuring it can be restored in the event of a cyber attack or system failure. Additionally, enabling remote wipe capabilities for lost or compromised devices ensures sensitive data can be erased quickly.

Use Secure Networks and Tools

Remote workers should avoid public Wi-Fi where possible due to its high vulnerability. Instead, they should rely on personal hotspots or secure VPNs, which encrypt data and protect it from potential attackers on unsecured networks. Similarly, using secure video conferencing platforms and company-approved email systems helps reduce the risk of unauthorised access to communications.

Regular Penetration Testing and Red Teaming

Penetration testing and Red Team exercises are crucial for identifying vulnerabilities across an organisation’s external and corporate networks, applications or devices before attackers can exploit them. By conducting Targeted Attack Simulations (TAS) or Red Team exercises that simulate exploiting vulnerabilities or gaps in remote/hybrid working environments, companies can evaluate the overall security posture of their remote working infrastructure and focus resources on vulnerable areas to improve their defences against such attack vectors.

Regular Software Updates and Endpoint Protection

Ensuring that all devices, including personal ones used for work (BYOD), have up-to-date antivirus and firewall protection is crucial. 

Regularly updating and patching software, coupled with continuous vulnerability assessments, is vital for maintaining a secure infrastructure. Cyber security as a Service (CSaaS) solutions, such as CyberLab Control, can help companies manage vulnerabilities effectively without overburdening internal teams.

Phishing and Social Engineering Awareness Training

Employees are often the first line of defence against cyber threats. Regular training sessions on phishing, social engineering, and secure data handling can significantly reduce the risk of human error leading to a security breach.

Managed Detection and Response (MDR)

Endpoint detection alone is no longer sufficient given today’s digital threat landscape. Organisations must now employ an “always-on” threat detection and monitoring capability. However, qualified cyber security analysts and engineers can be very expensive to employ and retain, and hard to come by, let alone the continuously high costs of using XDR and SIEM technologies. Running a 24/7 SOC (Security Operations Centre) in-house with experienced analysts, security experts and state-of-the-art defensive technologies is typically reserved for multi-national conglomerates and banks.

MDR services (Managed Detection and Response) provide continuous monitoring and analysis of an organisation’s entire estate, including endpoints, network traffic and activity logs. By outsourcing to experts, firms can ensure that threats are detected and mitigated in real time, reducing the risk of a successful attack.
