
Top tips for staying cyber safe in the hybrid working model

‘Adapt to survive’ has been the workforce mantra of the Covid-19 era, as staff in firms of all sizes have strived to adjust to new working styles based mainly at home. As the world begins to open up again and many firms look to adopt a part-home, part-office hybrid working model, keeping on top of security becomes a key task. That same ‘adapt to survive’ mantra is more important than ever, especially when assessing the associated cyber threats.

Cyber threats are on the rise

Cyberattacks are becoming more sophisticated, with many corporates claiming that the incident rate has increased as a direct result of working from home.

Open Goal

With employees working from a corporate office plus an array of home network set-ups, fraudsters have a better chance of gaining access into the corporate network.

Contingency Plan

Explore ways in which corporates can plan ahead to avoid cyberattacks such as phishing, where hackers masquerade as trusted individuals or parties.

Boosting Resilience

What factors are important to consider as the hybrid working model cements its position as the dominant work style?

Key Lessons

Top tips on how to help mitigate the risk of cyberattacks.

Cyber threats are on the rise

In June 2021, US cybersecurity specialist VMware Carbon Black published its latest Global Security Insights Report. Three-quarters (76%) of the respondents said that the number of cyberattacks they have experienced rose in 2020. Within that segment, 78% said that the incident rate had increased as a direct result of the home-working boom, while 79% said that attacks had become more sophisticated.

In his foreword, VMware Carbon Black principal cybersecurity strategist Rick McElroy writes: “Digital transformation programmes advanced rapidly as the cyberattack surface expanded to include living rooms, kitchens, home networks and personal devices.”

Open goal

Covid-19 has indeed left an indelible mark, shaking the white-collar workforce free from the traditional berth of the office and reframing the home as the primary site of production. ‘Hybrid working’ is the buzz phrase on everyone’s lips.

But how can corporates avoid leaving a permanently open goal for cybercrime? That question is high on the agenda for Jason Harrell – executive director and head of external engagement at US post-trade financial services firm DTCC. As the company’s cyber resilience lead, Harrell is taking a keen interest in how cyber threats are evolving in line with the hybrid-working boom. And the past 18 months have already produced some lessons.

“The shift from an ‘everyone at HQ’ model to a ‘corporate office plus an array of home networks’ set-up increases the available surface area for attacking the corporate network,” Harrell explains.

He notes: “At home, we have Internet of Things (IoT) gadgets, streaming TVs, mobile devices, smart-home features for tasks such as temperature control – all of which could be operating on the same network as hardware used to access the corporate office. Domestic devices’ security status is often unknown. And if staff don’t know how to protect those household devices, they will provide a vector for malicious actors to gain proxy access to the corporate network.”

Contingency plan

Another factor that Harrell warns corporates to be more aware of is that stressed staff working from home could be more vulnerable to phishing, where hackers masquerade as trusted individuals or parties. “At home, there are more distractions,” he points out. “And with Covid-19 continuing to dominate the news cycle, this event will probably continue to be used as bait for links in phishing messages.”

Harrell advises treasurers: “For your domestic Wi-Fi networks, make sure you choose strong passwords and change them on occasion. That’s one simple way to prevent people from accessing your home network. Another is that if you’re not actually using your corporate device, just turn it off. Don’t have it active-but-idling on the network.”

From a management perspective, he urges: “Carry out checks on any relevant employee devices before they’re allowed to connect to your network, so you have some level of assurance around their baseline security.”

Patrick Verspecht is group treasurer at a multinational firm and a director at the Belgian Association of Corporate Treasurers. In his corporate work, he explains, his department managed to anticipate the Covid-19 era’s requirements for cyber resilience: “Our treasury team was prepared for an era of working from home, because in 2019 the business set up a contingency plan for remote working. Every member of the team now has a company printer, company cell phone and company notebook. Those devices all have network access – but we use a highly secure VPN to connect to people’s homes.”

In addition, he notes: “We launched cyber-fraud training for all our people across the globe. Periodically, we test our processes by simulating issues such as CEO fraud, fake emails and other security risks. The results are improving dramatically and we believe that we have the right tools and processes in place to protect us from those risks. Even while we acknowledge that a 0% risk environment does not, and will never, exist.”

Boosting resilience

In the long term, then, which cybersecurity considerations should be front of mind for treasurers as hybrid working cements its position as the dominant work style?

Verspecht notes: “The budget impacts of boosting cybersecurity may be higher than we expect. Perhaps we, as corporate treasurers, will need to invest in new tools, or review and update existing ones. Another major question that corporates must ask themselves is: do we have broad cyber coverage in our insurance? Very often you will need to purchase a separate policy. Last year I asked our broker if any of our policies would cover cyber fraud, and the answer was not fully positive. We do have comprehensive cyber insurance now – but we expect a double-digit rise in premiums this year.”

Turning to emerging threats, Verspecht says: “I see potential for risks to emerge from some of the new functionalities in cash management, such as instant payments for the euro area. That is something that corporates will need to monitor and prepare for. In parallel, it’s important to educate all of our employees about how different threats work and how they can be stopped or contained.”

On a broader level, Harrell notes: “Organisations must think about how to implement remedies in a meaningful and thoughtful way. Leaders must document the performance of their chosen solutions, and ensure they have understood the risk factors within their new working environment. They must also explore new technologies that boost resilience – for example, tools such as artificial intelligence, distributed ledger and the cloud. How can we better utilise those resources to automate activities and remove the human element?”

He adds: “My hope is that hybrid working will allow organisations to tap into talent that may not be resident near corporate offices, and that it will provide a healthier work-life balance. My concern is that there will be increased compromises of popular IoT devices, and that those devices will create new security breaches for corporate networks.”

Key lessons

  • Regularly screen employees’ devices for potential cyber risks
  • Switch off corporate devices at home if you’re not using them
  • Routinely change your home Wi-Fi password, and ensure each iteration is strong
  • Build awareness through companywide tests that simulate different threat scenarios
  • Ensure your firm is covered with comprehensive, up-to-date cyber insurance
  • Find out how new technologies can enhance your cyber resilience

ACT Cash Management

The 2021 ACT Cash Management Conference, powered by Barclays, was a chance to celebrate what treasurers have achieved over the past year – and to look at future trends in cash management. You can watch all the session replays from the event, plus additional content here.
