How Forced Hybrid Work Created Vulnerable Businesses

Prior to the pandemic, most businesses were operating in traditional work environments. This meant:

Turquoise Boardroom Office IconEveryone in the office

Office Security Perimeter Icon

All corporate data inside the perimeter (of your office walls) and on corporate devices

Security Firewall IconEverything behind a firewall

The pandemic forced businesses to scramble to manage a sudden shift to remote work. Plans — and mistakes — were hastily made. Ad-hoc solutions were implemented and IT departments, if they existed, were stretched far beyond their limits.

As the dust settles after the largest public health crisis of our life, many businesses are realizing they are never going back to “normal.” Instead, most organizations have concluded that instead of a full-time return to the office, a hybrid workplace is the best way forward. They're also learning that this new hybrid working model has its own challenges — particularly when it comes to IT security.

Your IT Team's Jobs Got Harder

A lot of mid-size businesses that had 3-5 IT team members pre-pandemic are finding that, in this new environment, they can no longer operate at their previous level. And that’s no surprise: the FBI recently reported that cyberattacks have increased by 400% compared to pre-pandemic times.

Three blue and purple pie charts show what employees are looking for in the post-Covid work world.

Many mid-size businesses used to be able to manage IT in-house when their whole staff was in-house, but as the complexity and sophistication of cyberattacks increase, that’s quickly becoming a thing of the past. Organizations having to quickly adjust to support a work-from-home environment created a feeding frenzy for bad actors.

The most significant change organizations have experienced since pre-pandemic is their data is now predominantly in the cloud, rather than all being inside a firewall-protected data center. While IT teams frantically worked to accommodate the new work-from-home set-up, they quickly found out that their traditional security products gave them zero visibility into suspicious activity in the cloud.

Cybercriminals have upped their game, and this means your IT team needs to up its game, too. Your old level of IT resourcing is no longer enough, and it’s more difficult than ever to maintain the required level of expertise because of how threats evolve and change month to month.

Personal Devices Cause Problems

As more data moves to the cloud and the boundaries between work and home continue to blur, mid-size businesses now have more employees working from more locations and using more personal mobile devices.

A graphic showing all the endpoints created by personal devices.

While this shift is convenient for employees who prefer to work away from the office and access this data wherever they go, it also means you have more points of risk to think about. Mobile devices can be lost, and personal devices that may have minimal security installed — or worse, none at all.

You and your employees may think nothing of pulling out your phone or personal laptop to address work issues on the go but doing so effectively doubles the number of endpoints that attackers can target.

CHapter 2 Stat

Employees who are off the clock still pose risk to your business data if they fall prey to a personal phishing scheme. If they’re also using personal devices for work, they may not think twice about opening a potentially fraudulent personal email while logged into work accounts.

Which brings us to…

Your Employees Haven't Been Trained

Many organizations believe that investing in cybersecurity tools and technologies will guarantee protection for their business. However, the tools you use will only work as well as your team has been trained to use them.

90% of corporate data breaches are a result of employee error, and more than a third of remote workers admit they feel overwhelmed by all the account credentials they need to keep track of. These compelling stats make the case for investing resources in strengthening the weakest link in your cybersecurity chain — your people.

For remote and hybrid workers, security and productivity must go hand-in-hand. If remote security policies cause frustration and wasted time for employees, they will simply work around them. Without employee education and participation, even the most robust security methods aren’t useful or effective.

The latest cyberattacks happen fast and are hard to stop. It only takes hackers four minutes to get into your network, but 99 days or more for businesses to discover they’ve been breached. This window of opportunity for attackers could become even wider in a remote or hybrid work environment.

An illustration of a stressed employee hunched at their desk.


A graphics with icons of computers and envelopes show phishing statistics.

Why Are Attacks So Successful?

Black and turquoise pie charts illustrate employee cybersecurity statistics.


IT and Security Team Members are Harder to Recruit and Retain Than Ever Before

As a results of the Great Resignation, recruiting and retaining IT talent just got significantly harder.

In an already competitive space this is no small challenge. If you want to learn more about this topic, we wrote an entire blog post on this subject: CLICK HERE.

HubSpot Graphic_600X150px (2)

Bulletproof CEO ebook cover v3 portrait copy checked

How exactly do you weather a perfect cybercrime storm? 


As the way we work has evolved, cybercrime tactics have evolved as well. How can you protect your business in an increasingly volatile cybercrime landscape? Take action with this eBook designed to help CEOs, executives, and decision-makers understand today’s cyberthreat and what they can do to tackle today’s challenges and strengthen their security posture. 



CoSJ eBook Icon

If you were hit by a ransomware attack, would you know what to do?

On Friday the 13th, in the middle of a pandemic, a cyberattack threatened to bring a city’s entire network—and crucial services—to a halt. Meet the city that refused to pay hackers and learn how quick action, teamwork, and the comprehensive visibility and security of our B365E solution saved the day. 


Why Bulletproof?


  • Microsoft 2021 global Security Partner of the Year Winner
  • 5X Microsoft Canada IMPACT Award Winner.
  • Over two decades of experience in the security and compliance business.
  • Microsoft Solutions Partner: Security + Modern Work
  • State-of-the-art 24/7 Security Operations Centre (SOC).
  • Trusted by users on six continents to protect their data, devices, and people.
  • Holder of Microsoft’s Advanced Specialization in Threat Protection.
  • Microsoft Verified Managed XDR Solution.
  • Member of the Microsoft Intelligent Security Association.

Julie Jefferies Microsoft

“Bulletproof is doing an exceptional job of listening to their customers and then going above and beyond to provide them with services to unlock all the value of their Microsoft Security investment. They are able to see the value of our Microsoft security platform and have built a managed SOC service that is driving significant customer value, allowing their customers to remain focused on their business.”

-Julie Jeffries, Modern Work & Security PMM Manager, Microsoft Canada

Call Us