Grounded in socio-technical system (STS) theory, this qualitative single-case study on Royal Roads University (RRU) investigated the impact of hybrid work environments on organizational cybersecurity vulnerabilities and risk management in Canada by developing themes based on identified STS interactions. Findings indicate that the hybrid work model has not resulted in cybersecurity breach in RRU. This notable stability is attributed to continuous training and cybersecurity awareness, a culture that encourages non-punitive reporting of cyber incidents, multi-factor authentication (MFA) and cloud-based security platforms. However, training and risk management are not role-specific or hybrid-tailored, limiting the institution’s ability to address unique remote work risks. Despite its stability, RRU is yet to incorporate governance-driven cybersecurity, but rather it has over the years been practice-driven. Recommendations include adopting NIST CSF 2.0 for its GOVERN and Cybersecurity Supply Chain Risk Management functions to enhance risk governance, implementing hybrid-specific risk assessments, adopting formal BYOD policies with non-invasive compliance checks, and developing role-based training to address remote work vulnerabilities. The study contributes to scholarly discourse on corporate cybersecurity vulnerabilities and risk governance, while also establishing a foundation for future comparative studies across Canadian post-secondary institutions and other industry sectors.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Impact of Hybrid Work Environments on Organizational Cybersecurity in Canada: A Case Study of Royal Roads University

  • Udochukwu Peter Akunna,
  • Mark Lokanan

摘要

Grounded in socio-technical system (STS) theory, this qualitative single-case study on Royal Roads University (RRU) investigated the impact of hybrid work environments on organizational cybersecurity vulnerabilities and risk management in Canada by developing themes based on identified STS interactions. Findings indicate that the hybrid work model has not resulted in cybersecurity breach in RRU. This notable stability is attributed to continuous training and cybersecurity awareness, a culture that encourages non-punitive reporting of cyber incidents, multi-factor authentication (MFA) and cloud-based security platforms. However, training and risk management are not role-specific or hybrid-tailored, limiting the institution’s ability to address unique remote work risks. Despite its stability, RRU is yet to incorporate governance-driven cybersecurity, but rather it has over the years been practice-driven. Recommendations include adopting NIST CSF 2.0 for its GOVERN and Cybersecurity Supply Chain Risk Management functions to enhance risk governance, implementing hybrid-specific risk assessments, adopting formal BYOD policies with non-invasive compliance checks, and developing role-based training to address remote work vulnerabilities. The study contributes to scholarly discourse on corporate cybersecurity vulnerabilities and risk governance, while also establishing a foundation for future comparative studies across Canadian post-secondary institutions and other industry sectors.