A testing and certification firm has said that cybersecurity needs to be "urgently prioritised" as a health and safety risk if workers in the UK could be embracing a long-term shift to remote working.
Bureau Veritas is encouraging businesses to mitigate this rising risk by improving cybersecurity culture within their organisation and ensuring all employees are trained and up to date on the latest best practices.
Its comments come as recent reports show that hackers earned a record £28 million last year for reporting software flaws during the pandemic.
Meanwhile, as more companies introduce hybrid models of working in which staff split their time between the office and home, cybersecurity is increasingly becoming a health and safety issue, with rising pressure on firms to create a ‘cyber-safe’ working environment – whether that is in the home or the office.
Basilio Vieira, lead auditor at Bureau Veritas, said: “The coronavirus pandemic has irreversibly changed the way we work. And with more of us set to split our working week between the home and the office, organisations need to respond to this ‘paradigm shift’ by treating information security as a health and safety risk.
“This means instilling a workplace culture which prioritises cybersecurity at all times so that employees take this seriously wherever they may be working. One example is working from home during the pandemic, how many of us left our work laptops unattended and accessible while we were homeschooling or answered the door for packages?
“Yet, we only need to look at the 2017 WannaCry attack on the NHS4, which cancelled 19,500 medical appointments, including operations, and locked computers at 600 GP surgeries, to understand the huge implications for mechanical failure that weaknesses in the information security system on can have. But when we think about cybersecurity it’s more than just hackers – we’re talking about protecting confidentially, integrity and availability of data and IT systems and currently that’s paramount.”
According to Bureau Veritas, businesses looking to create a robust system for handling information security risks should look at ISO 27001. A voluntary certification, it sets out best practice in terms of managing the security of assets such as financial information, intellectual property, and information entrusted by third parties.
Basilio added: “It’s also worth considering that with most offices or work buildings now functioning off a central, protected network, such systems need to be monitored to detect actual or attempted cyber-attacks and failures. As such, a standard like ISO 27001 will help firms complete a risk assessment and ask those all-important questions. What happens if the system is exposed? What’s the worst-case scenario planning?"