Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

A people-centric approach to hybrid work cybersecurity

By Robert R. Ackerman Jr.
remote workforce

Image via Unsplash

March 11, 2022

Hackers are a constant source of cyberattacks targeting companies and other organizations. However, an even bigger source of hacks and breaches is the threat of negligent or careless employees.

After all, employees are the ones who click on links, set passwords, configure IT systems and write software code. And, unfortunately, employees without cybersecurity training can be prone to making errors and being manipulated by social engineering. Threat actors know this all too well.

This situation naturally introduces the subject of the rapidly growing hybrid work  environment trend and its weaknesses, as well as its strengths — a crucial point, given that the hybrid work model contributes to rising cyberattacks as ever-more employees split their time between working in the office and remotely at home. Employees become a significant cybersecurity risk because remote workers are often not as secure in the digital age as workers on company premises.

This is unfortunate, and not merely because no security leaders want more cyberattacks and data breaches. The hybrid work environment came about as the COVID-19 pandemic evolved and sparked the creation of two simultaneous work environments for white-collar employees. Remote work was a requirement from the start because nobody wanted to be exposed to COVID-19 more than necessary. Still, working in the office some days also became popular. After all, in-person collaboration and the sharing of ideas has its advantages. Employees enjoyed their improved work-life balance and most managers were surprised to find that productivity didn’t fall off a cliff.

In some quarters, in fact, this development was regarded as “the best of both worlds” for management and employees alike.

Nonetheless, this isn’t good news in the cybersecurity world. Hybrid work will remain a headache until and unless organizations make a bigger effort to cope with the increased security risks.

Cybersecurity threats of hybrid work

Verizon’s 2021 Data Breach Investigations Report makes the issue abundantly clear. It found that an overwhelming majority of attacks now involve human error, as less secure remote workers spend more time online. A big problem, in particular, is credential stuffing, a type of cyberattack in which stolen account credentials — typically consisting of lists of usernames and/or email addresses and corresponding passwords — are used to gain unauthorized access to user accounts through large-scale automated login requests.

Security leaders know that credential stuffing is a significant problem, but many don’t stop to consider how much it spreads across attack patterns and sets the stage for many different types of data breaches, including spear phishing campaigns, ransomware attacks and the theft of the contents of a target mailbox.

It may be hard to believe, but having even a small presence in the office can create a false sense of safety for many organizations. With some staffers now tied back to the office network, employees might take a more relaxed approach to security behaviors because a feeling of mutual responsibility may disappear. When everyone is remote and facing the same enemies, on the other hand, there tends to be a shared sense of increased vigilance, even though it’s only modestly effective.

The risks of working from home

Early in the pandemic, the primary cybersecurity issue was that home offices weren’t professionally managed. Among other things, this meant many systems on home networks didn’t get software patches regularly, fostering out-of-date software and related vulnerabilities. This remains an issue today, of course, but the biggest headache is now different — employees regularly coming into the corporate environment from their home networks with laptops and USB drives can unknowingly spread malware.

Home networks are typically shared with others in the house, such as children playing online games or spouses working from home, creating additional cyber risks. Some laptops and/or USB drives contain malware and infect the corporate network. Meanwhile, cyber professionals, already overwhelmed by a huge worker shortfall, have to spend additional time looking at more user behavior patterns to spot anomalies and detect threats, undermining other duties.

Something has to be done to mitigate these issues. The number of cybersecurity hacks and breaches has exploded since the advent of the COVID-19 pandemic. The FBI’s Internet Crime Complaint Center (IC3) has reported that its number of cybersecurity complaints has skyrocketed from roughly 1,000 complaints daily in early 2020 to between 3,000 and 4,000 today. So far, the FBI mostly blames this on tens of millions more Americans working from home. As the hybrid work environment continues to grow, however, the numbers are likely to get even worse. A study by McKinsey found that nearly 70 percent of companies have yet to communicate a hybrid workplace plan or put one in place.

What is to be done to mitigate this and related issues? Here are a few suggestions:

  1. Reconsider lax BYOD policies. A recent survey by Palo Alto Networks found that employees of organizations that allow increased BYOD usage are eight times more likely to ignore, circumvent or disable security than companies that restrict BYOD. At minimum, organizations should mandate that BYOD devices have a strong security posture.
  2. Improve vendor risk assessment programs. Third-party vendors in general have turned out to be sizable security risks. If they don’t already exist, processes should be established to evaluate current and future vendor security capabilities and demand they be up to snuff. Requirements should include written information security policies and third-party audits and accreditations.
  3. Share the responsibility of security. Especially in the elevated risk of a hybrid work environment, effective security involves shared ownership across the organization, as well the deployment of tools, controls and policies. It was never enough for only a few people within an organization to monitor cybersecurity threats. All IT professionals in the company should work in unison to ensure robust security practices are in place throughout the organization.

A security-oriented culture can help an organization minimize IT security risk among a dispersed workforce. While people are the weakest link in any cybersecurity program, they can also be its strongest defense.


This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: Bring Your Own Device (BYOD) COVID-19 cyber security awareness hybrid workforce remote work security culture third-party risk work from home

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bob ackerman

Robert R. Ackerman Jr. is founder and managing director of AllegisCyber Capital and co-founder of cyber startup foundry DataTribe. He was the first investor to create a venture fund focused exclusively on cybersecurity and data science and has been investing in cybersecurity for more than 15 years in the U.S. and select international markets. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber_lock

    Companies need to enhance cybersecurity amid the continuation of COVID-19 in 2021

    See More
  • board of directors freepik

    Corporate boards are better at cybersecurity but still need improvement

    See More
  • cloud-computing-freepik

    Cloud computing is a bonanza – but security lags

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!