Following months of remote working, companies everywhere are starting to bring employees back to the office. While this is a positive step forward, it also poses a number of IT security concerns that will need to be tackled to prevent business systems being left vulnerable. Here, we’ll look at what those concerns are and provide a list of security checks that you may need to carry out.
Today’s predatory cybercriminals seek out vulnerabilities and weaknesses they can exploit. Just as they have targeted remote workers using security holes in routers, VPNs and remote desktops, as well as through phishing attacks, they will see opportunity in the inevitable security oversights which will happen when workers return to the office. Avoiding this means organisations need to implement a ‘return to the office’ IT policy, which should include a thorough audit of their IT systems and devices, as well as refresher security training for staff.
While every company will have its own circumstances, here is a range of security issues you might want to consider, together with possible approaches to solving them.
1. Checking on-site systems
On-site servers and network devices left unused in the office may not have had any updates since the lockdown began. Before using them, the IT department should check every device for vulnerabilities, install any patches, update software to the latest versions and update its antivirus so that the newest vulnerabilities can be scanned for and detected.
2. Bringing devices back to the office
Whether employees have been using their own or company devices for remote working, there are obvious risks to reconnecting them to the business network. Just as with the equipment left in the office during the lockdown, vulnerability checks, patching and software and antivirus updates will need to be carried out.
3. Resetting passwords
Password resetting should be a key priority when remote workers bring their devices back to the office. It is possible the device was used by family members during the lockdown, letting children access online lessons, for example, and this may have led to usernames and passwords being shared. At the same time, device and business system login credentials may also have been used when registering with other online services. Updating passwords for devices and applications can quickly solve any potential issues.
4. Transferring locally stored files
It is quite possible that staff may have created new files or downloaded and stored business documents and data on local drives of their devices during the lockdown. On return to the offices, these files should be transferred to more secure locations on the company server where logical control policies keep them protected. Local versions should then be deleted.
5. Delete unauthorised apps
The huge reliance on the internet for entertainment, education, communication and shopping during the lockdown means that some staff using business owned devices for remote working may have installed software not authorised by the company. These applications might have vulnerabilities or data privacy concerns and should be deleted before reconnection.
6. Review spam filters
The increase in phishing attacks aimed specifically at remote workers during the lockdown remains a major threat and IT staff should check that email filters are operating as required to prevent these kinds of emails getting through. The use of email certificates that digitally verify and encrypt company emails should also be considered.
7. Review logical access controls
The urgent need to enable remote working may have led companies to relax some of their access control permissions during lockdown to facilitate a smoother running of operations. While returning to the workplace doesn’t necessarily mean these extended permissions should automatically be reversed, they should be reviewed.
8. Cloud migration
The disruption of moving employees out of the workspace and swiftly setting up remote working, followed by the disruption of bringing them back again, has led many companies to consider migrating their systems and services to a cloud environment.
The cloud enables companies to set up secure online networks that can be accessed both on-site and remotely, making it far easier to transition between the two should further lockdowns happen or if the company wants to offer more flexible working conditions.
What’s more, the cloud provides a secure, centralised storage location for all business documents, files and data and enables companies to make use of the many remote working tools and platforms that have been so beneficial over the lockdown and are of equal value on-site.
The disruption caused by remote workers returning to the office increases the likelihood that security issues will go unnoticed and vulnerabilities remain unfixed. This is certainly a situation that predatory cybercriminals will be hoping to exploit. Hopefully, the security issues we raised here will help you with your return to the workplace procedures.
If you are considering migrating to the cloud, check out our secure, Enterprise Cloud Hosting solutions.