Return to the office
IT departments have had a busy start to 2020. Not only did teams work at breakneck speed to enable employees to work from home securely, but they now have another project on their hands – preparing for the return to the office.
The pandemic presented many challenges for millions of businesses around the globe as they made the shift to working remotely. But now, as governments start to lift lockdown restrictions, business leaders must consider the processes, policies and technologies that will protect workforces as they return to the office. Although much of the focus will be on ensuring social distancing measures are in place, businesses cannot lose sight of securing their IT infrastructure.
Targeted by hackers
As employees start to go back to work, hackers will undoubtedly try to take advantage of any cracks in the seams created during lockdown. Over the past few months there have been many reports of hackers targeting remote workers by launching phishing attacks and attacks against unpatched vulnerabilities in VPNs. They have also targeted web browsers, remote desktops, routers, and cloud based applications like Zoom.
With the ‘new normal’ fast approaching, every business needs to carry out an IT audit and return to work security plan. Any lapse in security measures or rejoining unchecked devices to the corporate network could leave businesses open to attack. After spending several months working at home, employees could also benefit from being reacquainted with cyber security training before settling back into office life.
IT security checklist
Every business’s return to work security plan should aim to make the transition back to the office as smooth as possible, whilst keeping security front of mind.
What risks could returning employees bring to the company?
- During lockdown, employees will have worked on corporate laptops or their own devices, which both come with risks when reconnecting to office networks. Every computer and device must be checked for vulnerabilities, and system patches and antivirus updates carried out immediately.
- As most office PCs will have been unused for the past few months, the same checks need to be carried out to ensure that important security updates have been made. Carrying out an inventory of all computers and devices is useful to record every machine that connects to the corporate network, for increased visibility.
- Whilst working at home it is possible that employees shared their laptops and log in credentials with family or friends. They may have also re-used passwords on new services or devices at home, or lapsed into other insecure habits. Take precautions by enforcing a company-wide policy of password resets for devices and key software tools.
- If employees created or stored corporate data or documents during lockdown, they must be removed from local machines and stored in a preferred secure location.
- Employees may have downloaded or used software and programmes that were unauthorised by IT teams. All systems should be scanned for apps and software that do not meet company policy and removed.
- Staff may have also used corporate devices for personal use, such as downloading games or software. This could have left laptops vulnerable to attack, which is why running regular antivirus and Malware scans are so important.
- Access controls for internal systems, files and networks should be reviewed to ensure the appropriate levels of access are given. Access rights could have been granted whilst working from home that need to be changed or reversed.
- During lockdown there was an increase in email phishing attacks, so ensure that spam filters are running correctly and all staff are aware of current threats and how to recognise phishing emails.
- Some companies will have recruited new employees during the pandemic and onboarded them remotely. Moving into the office will be a new experience for these new hires and they will need to receive full cyber security awareness training.
- Returning to the office could feel like a ‘fresh start’ for many businesses, so it is the ideal time to reeducate existing employees about cyber security policies and awareness. Hackers will certainly exploit this period of instability whilst employees get used to working in a different environment again – so be prepared!
- Aside from these employee-focused security checks, it is vital to ensure that the business itself is kept secure. It is wise to carry out an infrastructure security review to check that firewalls, VPNs and any cyber security services are in working order and protecting the business.
A new world
The next few months may bring further challenges as employees re-adapt to office life. Whilst plans have been made for the return, there may also be employees working in shift patterns and those who need or choose to remain at home. Both flexible and long-term remote working solutions and policies need to be available and monitored as closely as office-based setups. Maintaining a secure remote solution is also valuable should it be necessary for the company to work from home again in the future.
Whilst working from home, employees will have attempted to meet the company’s security policies, but without an IT or Security Manager present to make regular checks, can any business be certain that security policies were followed?
By carefully considering return to work security and following the checklist above, business owners and IT teams can have peace of mind about the transition back to the office environment.
Can Hyve help with your IT security? We provide a range of security products and services to provide continuous protection against a range of attacks – find out more information here or contact our sales team on 0800 612 2524.