In early 2020, the world started to work from home. For many of us, it was our first time working outside of the bounds of the office and the change took some getting used to.

Fast-forward two years later, remote working is here to stay. In fact, according to a Gartner survey, over 82% of company leaders plan to permanently allow their employees to work remotely at least part of the time.

But working from home is about more than doing laundry between virtual meetings. For IT departments, remote working brings with it a number of cybersecurity risks. Here’s how hybrid work is changing the face of cybersecurity:

Security is no longer just a job for IT

Prior to the rise of hybrid and remote working, the average employee wasn’t especially clued-up on security hygiene or best practices. And while it wasn’t an ideal situation, within the safe perimeters of the office (and the company network), most IT departments could deal with the occasional security nightmare.

But with employees working from their own homes, far from the watchful gaze of the IT department, the responsibility for upholding cybersecurity best practices has shifted onto employees’ shoulders.

Alongside their daily work, employees now need to consider: Who is standing behind me while I’m working? Am I using a protected network? Am I leaving my device unlocked and unattended? Should I ever let my partner or family members borrow my work device?

Employees are certainly becoming more cybersecurity-savvy, but to ensure they don’t fall victim to phishing or accidental insider threats, IT leaders still need to educate teams on the cybersecurity risks of remote working and security best practices.

Don't miss out on the latest service management trends, tips, and tricks - delivered straight to your inbox

The rise of "third space” working

When remote working started to become the norm, the primary focus for the majority of IT departments was securing people’s home environments for working. Sounds obvious, right? But the reality is, research shows that more people are starting to work in so-called “third spaces” such as cafes, libraries, or on the go.

This has big implications for IT as, while these spaces offer employees freedom and flexibility, they also increase the risk of security threats. The combination of a more distracting environment, the presence of strangers, and unprotected networks makes working outside of the home office even more dangerous. So, when establishing cybersecurity measures for hybrid working, it’s especially important to take these “third spaces” into account.

Security teams need to take a proactive approach to cybersecurity rather than a reactive one.

Proactive over reactive

Cybersecurity attacks were already becoming increasingly frequent and sophisticated before 2020, but remote working put the risks of these attacks into overdrive.

According to Splunk’s State of Cybersecurity report in 2022, over 49% of organizations say they’ve suffered a data breach over the past two years, up from 39% from their results pre-pandemic.

Now more than ever, security teams need to take a proactive approach to cybersecurity rather than a reactive one. This means taking measures to prevent cyberattacks from happening in the first place, rather than responding to incidents when they occur. That includes things like educating employees on cybersecurity awareness, periodically assessing your internal systems for vulnerabilities, managing shadow IT, and more.

And if something does go wrong, here’s how to manage panic at the service desk.

The basics still matter most

The rise of remote working may have made it even more important to be vigilant when it comes to cyber security – but it’s not all doom and gloom. You’ll be glad to hear that the majority of cyberattacks don’t require sophisticated technology or even a highly skilled security department to stop them in their tracks.

Preventing breaches doesn’t have to be a complex operation – it’s all about making sure that the basics of cyber hygiene are being adhered to throughout the organization. This means that keeping an eye on things like multi-factor authentication, least privilege access, and keeping devices up to date should still be a top priority for IT departments.

Want to know how to maintain security when employees are working remotely?

Read our top tips in this blog.