Technology Trends for an Agile Workplace
We’ve been discussing the world of agile working within the team recently, and its ongoing impact on the technology landscape, and in particular, cybersecurity. There have been several news stories of large companies returning to work full-time, but the vast majority appear to still be favouring 2-3 days in the office in some shape or form according to the various articles we’ve been reading.
With this landscape in mind, we pulled together some trends we think are important for you to be aware of – and act on if you’re not already.
1. Cybersecurity needs to remain a priority (for small to medium businesses).
Cyber criminals are increasingly targeting smaller firms, knowing they often lack the resources of their enterprise counterparts. It’s essential to protect your team, and the dynamic of remote working has made this more complicated, especially with many firms allowing users to connect to company services via personal devices. Securing both company-owned and personal devices is important to ensure the integrity of your company and client data.
We recommend setting a clear policy to users and consider using tools such as Microsoft Intune to manage devices. Restricting the use of personal devices may not be fully understood or appreciated by the wider team, and may come with a cost to buy some additional devices, but security is only as strong as your weakest link/device.
2. Vendor risk needs some attention.
Cyber criminals are continuing to target vendors and partners as a way into businesses. This is particularly problematic for larger companies or those in regulated industries, such as financial services, who are likely to rely on many vendors or store sensitive personal data such as financial holdings.
We are seeing high amounts of malicious traffic targeting specific users within companies from hackers pretending to be from an existing or reputable vendor. In some cases, team members that work for a vendor have been compromised, and the bad actor has been monitoring their activities, waiting for an opportunity. In other cases, the vendors systems have been hacked, and the perpetrator can get access to their clients’ company or client data by using accounts they hold with elevated permissions, e.g., IT helpdesk provider. Please note, just because they’re an IT vendor, doesn’t mean they’re secure.
It's worth reviewing (or getting a security professional to help review) your vendors’ security policies and make sure they have robust processes in place to protect the data you pass to them, account access, and how they manage changes to personal or payment details.
3. Employee education is working (but must continue).
Human error remains the leading cause of cybersecurity breaches, though awareness training is helping. Phishing and credential theft are still the most common attack vectors. We are seeing many clients provide an official IT escalation guideline to their teams, which outlines the different methods in which IT support can be contacted, and how they will be contacting users. This is less critical for small to medium firms that might only have Jeff from IT, but if an external helpdesk is employed it’s critical to communicate how IT might contact your team members.
Constant reminders to look out for spam emails (they’re constantly evolving) is critical. Don’t assume that your team know what is, and isn’t, spam – it’s constantly evolving. We are also seeing companies enroll their team members into annual online training courses, which are regularly updated to cover the latest threats, and are particularly helpful to keep everyone up to date.
Depending on your budget, providing regular training in any form, alongside reminders, can go a long way to securing your company. Add on clear security policies and you are way ahead of the curve. Trust us, you don’t want a phone call on a Friday evening from a client to say they’ve just received a malicious email from one of your team members, only to find out that email went to all of your clients...
4. Cyber Essentials is gaining traction.
The UK government-backed Cyber Essentials certification is becoming a baseline expectation for doing business. It’s a straightforward way to both secure and demonstrate that your company, and your vendors, meet essential cybersecurity standards. Whilst a lot of UK firms have and maintain a Cyber Essentials certification each year, this pales in comparison to the majority of companies that do not, leaving the larger majority of companies potentially exposed to exploit.
As with our previous articles on this topic, we strongly recommend considering a cybersecurity certification, such as Cyber Essentials, as a requirement for both your own firm but also for anyone in your supply chain. There will likely be some push-back, but as per above, vendor risk is real and it’s important to require evidence of security standards.
5. Rising IT costs need to be added to the budget to avoid falling behind.
We’re sure you’re seeing this already, but IT costs have generally gone up over the past few years, whether this is individual services, or simply the number of services you now need to stay in business. Microsoft, for example, implemented a 20% price increase in 2025. Something our family members have directly asked us about as it affects personal as well as enterprise subscriptions. This is largely due to the rising costs of energy and infrastructure costs, but also user requirements demanding more from technology.
It’s not quite annual budget time, but between now and the end of the year, we recommend reviewing your IT infrastructure with your team and look for opportunities to both remove platforms and services that are no longer providing sufficient value, consolidating platforms where possible (keep is simple), but also look for gaps where potentially new platforms and services could help your team be more efficient. Overall, I’m afraid you’re likely to see a net increase in cost year-on-year going into 2026. However, the important thing is to make sure you’re maximising your efficiency (and security), from the tools you have in place.
It didn’t quite make the top 5 trends, but for those of you reading this that are slightly more tech savvy, one we wanted to call out is the concept of Zero Trust, which is starting to (and should) become the default security model. It’s not yet a trend, but we can see it being discussed and asked about more and more. In simple terms, the idea of Zero Trust is to ‘never trust, always verify’. It’s cascading from larger businesses into smaller and medium businesses, with companies continuously validating user access. This has massive security benefits for users working in remote locations. If you want to know more, we recommend engaging with an IT professional to learn how this could be implemented within your company.
In summary, companies and office environments are changing. Our top 5 trends we see as a team at the moment are as follows –
Cybersecurity needs to remain a priority
Vendor risk needs some attention
Employee education is working
Cyber Essentials is gaining traction
Rising IT costs are here to stay
You’re likely already engaged in some of these, but it might be worth revisiting the others with your team or an IT professional
In case you’re interested, we launched a free online cybersecurity assessment earlier this year on our new website. It only takes a few minutes and gives you tailored insights into your current risk profile.
https://buchanantechnology.co.uk/cybersecurity-scorecard
As always, if you have any questions or would like any guidance, please feel free to reach out to us via your preferred platform or visit our website.
