The New Normal

Posted 17 May, 2022 at 10:28

Author Kevin Hawkins on behalf of H2 Cyber Risk Advisory Services Ltd


We hear a lot from certain Government ministers about working from home: that it is inefficient, that it is causing issues within industry, and so on. But there are some very good contrary arguments. Many companies, small and large, were forced to adopt a remote operating model during COVID and have, as yet, not returned to full-time working from the office. The attractions are obvious in terms of cost reduction, as are the potential pitfalls.

There are now surveys by HR consulting companies suggesting that 60 to 70% of companies of all sizes are planning to adopt a hybrid model. In the IT industry, particularly amongst IT consultancies, this model has been in use for many years and is well regarded, allowing the downsizing of office space and a lower cost base.

As organisations of all sizes begin the decision-making process of seriously considering how to recalibrate their operating model to adapt to the new normal, there is a real need to re-evaluate their cyber security stance, involving policies, processes, people training and technical defences.

When COVID hit, many SMEs had to move very quickly in order to keep going, adopting remote working without the time or luxury of any real planning. It was a knee-jerk reaction born of necessity and certainly not the way they would have liked to do it. There are multiple cases of companies not having the necessary equipment (desktops, laptops and other hardware) and allowing staff to work from home using their own home machines, connecting to both office and cloud-based systems, without any check on how those machines were configured, whether or not they were kept up to date with the latest patches, or whether they were used by other family members. This situation is still happening today in some cases.

Cyber criminals have used this shift in working patterns to their advantage, and their attacks have increased hugely across the globe. Working from home has increased the footprint of IT operations whilst weakening its defences, and has increased the scope for cyber criminals to develop new attack methods and new scams, and generally to increase their revenue exponentially.

Cyber-attacks and data breaches tend to hit the headlines only when a large company is involved. However, SMEs are hit every day, albeit for somewhat smaller sums of money, and there is an argument that these attacks often go unreported to protect reputations, and can even go undiscovered for long periods of time. Data breaches do get reported because of the requirement to make such a report to the Information Commissioner's Office, but even then, actions taken by the ICO often fly under the radar. For instance, this year alone there have been over 40 fines by the ICO, many to companies categorised as SME. A finance company was fined £48k and a solicitor was fined £98k. You can research all of this on Google if you want confirmation.

The major cyber security companies are forecasting that ransomware is becoming more prevalent and growing in sophistication. SMEs are subject to such attacks because they take little effort on the part of the attacker, and SMEs often pay up because they have no defence against it and no business continuity plan in place to enable them to keep going in the face of such an attack. Phishing will continue to be a big problem for SMEs, as will social engineering attacks, email spoofing and other scams. Home workers are a target because, being isolated, they can’t just look up from their desk and ask advice before taking some action, and will often just respond to an authoritative-looking email or phone call.

So, what needs to be done if hybrid working patterns are to continue?  Well, first and foremost comes your policies.  Do they reflect the new hybrid working model?  Have you laid down what is and what is not an acceptable use of company IT equipment if it’s being transported to a home address?  Do you allow the use of home machines, and have you laid down how those machines must be configured before they can be used for company business?  That list is not exhaustive.

Secondly comes user training. Cyber awareness training for staff, along with a broad understanding of data protection principles, becomes even more important when staff are working from home. It is a clear no-brainer which many SMEs still don’t recognise as necessary.

Finally, technical security must be reviewed and made suitable to support a remote working model.  If an SME hasn’t moved to a cloud operating model, they should consider it without delay.

H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services.

To learn more about the services we provide, please visit https://www.hah2.co.uk/

Alternatively, please feel free to give us a call or email

T: 0845 5443742

M: 07702 019060

E: [email protected]

Trust H2 – Making sure your information is secure

What our customers say about us

“We originally engaged H2 to examine our liability under GDPR and devise risk managed policies and processes to ensure we met the requirements. Their Cyber Maturity Assessment is certainly an eye opener and H2's approach, unique in our experience of IT service companies, demonstrated clearly that we had some issues to overcome. They were patient in providing services at our own pace and at price points which we were happy with, and were comfortable working with our current IT provider, enhancing their services and products, and plugging gaps that they do not cover. I have no hesitation in recommending H2 to other companies who need such services.”

Lisa Williamson, Operations Manager, Savage Group
