It’s estimated that every 39 seconds, a hacker attacks. With this high level of risk, strategic changes can make your business more vulnerable. 

Cyber-attacks can have many goals, but they tend to home in on what your company values the most. For example, cyber-criminals may focus on taking the website of an e-commerce business offline as this will affect their revenue and reputation. Whereas if the target was a healthcare provider, then patient data may be the target as this would compromise patient confidentiality.

Prevention is better than cure, with the reputational damage of an attack having a long reaching effect on an organisation. IT and security teams should focus on the three core pillars of cyber-security – people, technology, and estate – to ensure that everyone has the knowledge and ability to protect their organisation.

When strategic changes such as modes of working are put into place, the risk to cyber-security should always be considered. Many businesses have now implemented formal hybrid-working policies, which can then make an organisation more vulnerable to cyber-attacks.

The increase of personal work devices is one driver, as they’re often more vulnerable to malware infections due to weak or hardcoded passwords, outdated components and lack of updates.

Another risk factor is the increased use of public wi-fi, with employees choosing to work from places such as cafes or public libraries. These networks often lack the security of a personal or business-owned wi-fi, making it easy for cyber-criminals to circulate malware – enabling them to spy on your employees and access details such as usernames, passwords, bank details and more.

The increase in the number of devices in use is another consideration as the more devices your business has, the bigger the surface area for cyber-attacks. Where once all devices for business use will have been approved by IT, there’s now the potential for staff to use their personal devices across a range of networks, increasing the risk.  

An easy way to mitigate risks brought about by hybrid working is to educate your employees on the importance of using your organisation's business VPN. Whether they’re on a company or personal device, by using a secure VPN they’re reducing the risk of cyber-attacks while maintaining a flexible work environment.

The supply chain can be another area of risk. A cyber-attacker can hack one supplier and gain access to a multitude of other organisations with little effort.

Employee changes are another factor to consider with the risk of insider threat. Each new hire increases the security risk with the potential to click phishing links or failure to use a business VPN.

To prevent cyber-attackers using your supply chain to gain access, suppliers should be screened to ensure that they match the same standards as your organisation in terms of security policies and practices.

Regular mandatory employee training can also help to counteract the risks brought about by new employees being added to the business.