Study lifts lid on hybrid IT security practice and policy

A large number of organisations have increased cyber security and data protocols over the past two years but still struggle with employee compliance. Whilst organisations have adapted security policies to accommodate hybrid work, they are still at risk due to lack of security awareness – particularly when data is on the move between work locations.

This is among the findings of a study of nearly 400 IT security practitioners across North America and Europe, conducted by USB manufacturer Apricorn.

For 81% of respondents, remote working is now a standard practice within their organisation, with half of all respondents revisiting and updating data security policies and processes that they put in place two years ago when remote work programmes were hastily deployed.

The risk of moving of data between work locations was highlighted by the fact that the majority of respondents (82%) said that encryption should be required to secure USB storage devices, but only 34% say encryption is mandated within their organisations to protect data on the move.

Employee compliance is a concern survey respondents need to address. One-quarter admit that employees are aware of IT security policies for remote work but are not adhering to them. When remote policies are not followed, it is usually due to employees not prioritising security practices despite being informed about them (51.8%) or because they are using personal devices (40.16%).

“Now that organisations have settled in and have adapted to hybrid work environments, IT security depends on the culture of the company and employee compliance now more than ever,” said Kurt Markley, US managing director, Apricorn. “IT security professionals shared that nearly three-fourths of remote employees don’t feel they are at risk of being targeted or successfully attacked. This demonstrates that there is a need for a stronger security culture among employees working outside of the corporate firewall. Protecting against cyber threats is not just an IT or security team issue – it’s a company issue.

“As organisations experience gaps in employee compliance, many are stepping up in terms of education which is key to elevating the culture of security in hybrid workplaces. The trust employees have in their organisations’ security protocols is encouraging, but it’s important they do not get complacent. Hybrid work may be normalised, but cyber security threats are always evolving. Continued policy updates and employee education and buy-in will remain of critical importance to hybrid workforce data security.”

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023