Overview: Hybrid working and its implications

Four years on since the first cases of Covid were detected in China, Holyrood looks at the pandemic’s impact on the workplace, with a focus on hybrid working and its implications for safety and security.

Background

Former First Minister Nicola Sturgeon imposed the first national lockdown in March 2020. The announcement came with a “stay at home” order whereby employees were to work from home where they could.

In a matter of days, Zoom became the world’s top job environment.

‘Work from home’ advice remained until January 2022, when the Scottish Government announced businesses could resume hybrid working arrangements.

What is the current state of hybrid work in Scotland?

Although all Covid restrictions were lifted in February 2022 and the World Health Organisation declared the virus was no longer a public health emergency, hybrid working remains high across Scotland.

In September, the Office for National Statistics revealed Scotland had the highest rate of businesses using a hybrid work model in the UK with more than 30 per cent of firms saying their employees worked from home one to two days weekly, and almost two in every ten revealing it was from three to four days a week.

Another survey, commissioned by Glasgow-based firm Willo, revealed 40 per cent of workers would leave their job if the option of remote working was not available. The same survey revealed more than half of Scottish workers would not consider office working again. Those in Edinburgh were the most likely to prioritise home working over their current job.

What are the issues?

With the rise of hybrid working comes a rise in security risks as the surface for potential cyber-attacks expands when employees work remotely.

As work moves from company networks, benefitting from security frameworks like firewalls, to personal Wi-Fi or public networks, the risk of issues including data theft, ransomware and phishing is heightened.

A concern for many as when hackers access an employee’s laptop, they can also access the company’s entire database.

The lack of cyber training in the workplace has only strengthened the potential of these dangers. According to a report on the UK labour market, half of all UK businesses have a cybersecurity skills gap.

Transunion UK also revealed more than 8 in 10 UK businesses believe hybrid working models increase the risks of a data breach, yet a fifth of these recognise having a lack of knowledge on what to do when one happens.

Going forward

With hybrid working becoming the norm for the foreseeable future, raising awareness on cyber security threats and how to prevent or deal with them has become a priority for businesses nationwide.

Kelli Fielding, managing director of consumer interactive at TransUnion UK explained: “As more staff work remotely at least part of the time, it makes it difficult to have the same security protections in place across all devices that businesses would have had previously. It also leads to more devices being transported, and therefore, lost or stolen more regularly, highlighting the threat of physical breaches is still very much present.”

What is the Scottish Government doing?

In 2021, the Scottish Government announced an update to their cyber resilience framework.

Acknowledging the government could not face the cyber threats “alone”, the new measures looked to enhance public knowledge on how to remain safe online.

These included higher collaborations with the public, private and third sectors and making support from authorities more accessible.

On announcing the strategy then Deputy First Minister John Swinney said: “Cyber resilience is key to operational resilience and business continuity, as well as our capacity to grow and flourish as we adapt to the demands of operating online. Our ability to deter, respond to and recover from national cyber-attacks is our top priority. We need to plan, exercise and reflect continually and collaboratively, to ensure that Scotland is prepared to withstand cyber threats.”

Holyrood breakfast briefing

Join us at Holyrood’s free-to-attend Breakfast Briefing: Cyber Security for Scotland’s Public Sector Hybrid Workforce on 22 November at the George, Edinburgh. 

This event, chaired by Maggie Titmuss MBE, Chair of the National Cyber Resilience Advisory Board, will look at how we address the network and security challenges associated with hybrid working.

Click here to view the agenda and book your place