As Britain looks set to embrace a long-term shift to remote working, cyber security needs to be urgently prioritised as a health and safety risk. It comes as recent reports show hackers earned a record £28m last year for reporting software flaws during the pandemic¹. Meanwhile, with more companies introducing hybrid models of working in which staff split their time between the office and home², cyber security is increasingly becoming a health and safety issue, with rising pressure on firms to create a ‘cyber safe’ working environment – whether that is in the home or the office³.

As such, businesses should mitigate this rising risk by improving cyber security culture within their organisation and ensuring all employees are trained and up to date on the latest best practices.

Basilio Vieira, Lead Auditor at Bureau Veritas, said: “The coronavirus pandemic has irreversibly changed the way we work. And with more of us set to split our working week between the home and the office, organisations need to respond to this ‘paradigm shift’ by treating information security as a health and safety risk.

“This means instilling a workplace culture which prioritises cyber security at all times so that employees take this seriously wherever they may be working. One example is working from home during the pandemic, how many of us left our work laptops unattended and accessible while we were home-schooling or answered the door for packages?

“Yet, we only need to look at the 2017 WannaCry attack on the NHS4, which cancelled 19,500 medical appointments, including operations and locked computers at 600 GP surgeries, to understand the huge implications for mechanical failure that weaknesses in the information security system on can have. But when we think about cyber security it’s more than just hackers – we’re talking about protecting confidentially, integrity and availability of data and IT systems and currently that’s paramount.”

Businesses looking to create a robust system for handling information security risks should look to ISO 27001. A voluntary certification, it sets out best practice in terms of managing the security of assets such as financial information, intellectual property, and information entrusted by third parties.

Basilio continues: “It’s also worth considering that with most offices or work buildings now functioning off a central, protected network, such systems need to be monitored to detect actual or attempted cyber attacks and failures. As such, a standard like ISO 27001 will help firms complete a risk assessment and ask those all-important questions. What happens if the system is exposed? What’s the worst case scenario planning?

“ISO 27001 is a comprehensive solution which provides a framework that is adaptable to any environment. Ultimately, it means you can reap the rewards of a more connected world while acknowledging and managing the risks associated with this.”