3 Tips to Transition Back to the Office, Securely.
We’ve all been forced to rapidly shift to support a work-from-home model. This has expanded and evolved the threat landscape in several ways. First, the rapid transition to remote work forced organizations to prioritize service availability over everything else, resulting in tradeoffs that might have created security gaps for hackers to exploit. At the same time, the surge in teleworking dramatically increased the use of personal devices, VPNs, cloud collaboration tools and other points of vulnerability, expanding organizations’ attack surface area.
Today, organizations are beginning to reopen their offices. However, this new normal should not mean reverting to pre-pandemic protocols. Instead, organizations should take into account their new vulnerabilities and rethink their security practices.
To lay the groundwork for a secure return, consider the following measures:
Support your hybrid workforce.
The transition back to the workplace will most likely be divided into stages, so IT teams will still have to support remote infrastructures for some groups of employees. Moreover, Gartner reports that 74% of companies will allow at least 5% of their previously on-site workforce to stay remote. We can also expect flexible work schedules for some teams, and some employees working from the office part time.
With this hybrid work mode, IT teams will have to retain best practices they adopted during the remote work period, including the following:
- Address the risks of collaboration tools.
These solutions enable fast collaboration among distributed teams but increase the risk of unauthorized access and data compromise. Common risks are data overexposure (since files shared via collaboration tools are often retained forever by default), unauthorized data sharing and privilege escalation. IT teams should automate tracking of who is editing, sharing and downloading data, so they can quickly spot and investigate suspicious behavior. In addition, IT teams should work closely with other departments to understand their workflows and business needs, so they can provide solutions that address their needs and avoid having employees use unauthorized tools outside of IT control.
- Keep tabs on Wi-Fi connections.
It’s not only laptops or desktops that bring additional risk when employees work remotely; home networks are rarely configured with security in mind. Cybercriminals can access an organization’s sensitive data by infiltrating the Wi-Fi networks that employees are using to access corporate systems. Therefore, it is important to ensure that employees working from home utilize a VPN and use separate networks for their work and for their personal needs. It’s also essential they do not use public Wi-Fi once their favorite café reopens, especially if that Wi-Fi is not password-protected or requires installing a third-party program that might contain malware. Also, consider giving pre-configured secure Wi-Fi routers for home use to employees who work with your most sensitive data. That’s an extra cost for sure, so I cannot recommend doing this for every employee, but it can make sense for some categories of staff.
- Be ready to thwart VPN attacks.
The Department of Homeland Security’s cybersecurity agency issued an alert that urges organizations to pay special attention to VPN vulnerabilities. Core prevention measures include regularly updating VPNs, network infrastructure devices and devices being used for remote access with the latest software patches and security configurations, and implementing multifactor authentication. Strategies for ensuring prompt attack detection and response include auditing for configuration changes, logon attempts, scanning threats and hardware malfunctions.
- Plan for conditional access control.
In some cases, you might want to reduce the level of access to your most critical assets when users connect via VPN. This was not possible when everyone was 100% WFH, but it can be a useful control in hybrid or flexible work scenarios.
Manage the influx of devices brought to the office.
As companies rushed to enable employees to work from home, many were unable to quickly procure, set up, and distribute new corporate laptops. Thus, they had to allow employees to use their home computers to stay productive. Those devices were not covered by normal layers of enterprise security, so they might not have been properly patched and updated and might even contain malware.
To mitigate the risk associated with bringing those devices back into the office, IT security teams should run vulnerability scans to find gaps. Then they should ensure that all missed operating system updates and software patches are applied, deploy endpoint protection solutions, and increase monitoring of user behavior to ensure they can detect anything out of the ordinary that could indicate an intrusion or other malicious activity.
In addition, security teams will have to prepare all on-premises IT equipment for people returning to the office. For instance, all desktop systems that were shut down during the lockdown will have to be updated before business users start using them again.
Get ready for a spike in malware.
Organizations may not know that employees’ devices are compromised until they return to the office. When a compromised device connects directly into the network, it will enable hackers to move about to seek elevated rights and sensitive data or launch a ransomware attack. At this very moment, organized cyber criminals might be lying in wait to benefit from endpoints they have already compromised. While some sectors, such as local and state government and public education, experienced a decline in ransomware attacks recently, since they were shut down and there were fewer people to phish, as employees return to the workplace the number of ransomware attacks will increase.
Strategies for mitigating your risk from malware include connecting all devices of returning employees to a guest network and ensuring that your software restriction policy prevents user accounts from running executables. You should also continuously audit your IT environment for signs of ransomware in progress and enable alerts on unusual spikes of activity in your file repositories. And of course, provide regular user training on how to identify suspicious links and attachments and how to report them.
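As an added illustration (not part of the original commentary), the sketch below shows one way to alert on unusual spikes of activity in a file repository, which also covers the earlier advice to track who is editing and sharing data. The log format, the sample lines, the function names and the thresholds are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

WATCHED = {"WRITE", "RENAME", "DELETE"}  # assumed action names in the audit log

def make_sample_log():
    """Constructed sample lines: '<ISO timestamp> <user> <action> <path>'."""
    lines = []
    for m in range(10):                      # alice: steady editing, 2 writes a minute
        for s in (5, 35):
            lines.append(f"2020-07-01T09:{m:02d}:{s:02d} alice WRITE /share/finance/q{m}.xlsx")
    for m in range(8):                       # bob: one write a minute ...
        lines.append(f"2020-07-01T09:{m:02d}:10 bob WRITE /share/hr/notes{m}.docx")
    for i in range(120):                     # ... then 120 renames within one minute
        lines.append(f"2020-07-01T09:08:{i % 60:02d} bob RENAME /share/hr/file{i}.docx")
    return lines

def count_per_minute(lines):
    """Return {user: {minute: count}} for modifying events only."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parts = line.split(maxsplit=3)       # path may contain spaces
        if len(parts) != 4 or parts[2] not in WATCHED:
            continue                         # skip malformed lines and reads
        try:
            minute = datetime.fromisoformat(parts[0]).replace(second=0)
        except ValueError:
            continue                         # skip unparseable timestamps
        counts[parts[1]][minute] += 1
    return counts

def find_spikes(lines, factor=10, floor=50):
    """Flag minutes where a user's modifications reach `floor` and exceed
    `factor` times the median of that user's earlier, unflagged minutes."""
    alerts = []
    for user, per_minute in count_per_minute(lines).items():
        history = []
        for minute in sorted(per_minute):
            n = per_minute[minute]
            baseline = median(history) if history else 0
            if n >= floor and n > factor * baseline:
                alerts.append((user, minute.isoformat(), n))
            else:
                history.append(n)            # only normal minutes feed the baseline
    return alerts

if __name__ == "__main__":
    for alert in find_spikes(make_sample_log()):
        print("ALERT", alert)
```

The absolute floor keeps low-volume users from triggering on small bursts, while the per-user baseline keeps heavy but legitimate users from alerting constantly; both values need tuning against real audit data.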
Last but not least, you should harden your data access governance: Revoke inappropriately assigned and excessive access rights, move all sensitive data to dedicated secure locations, audit activity around your sensitive data and monitor for privilege escalation. Addressing these gaps can significantly reduce the impact of attacks and enable the IT team to detect them faster.
March and April were panic time, when organizations needed to shift staff to remote work as fast as possible and prioritize service and data availability over security. In May and June, organizations should have taken time to identify and close any security gaps created by the rapid switch to WFH. Now it’s time for IT security teams to prepare for employees to return to the office, taking steps to minimize security risks based on their organization’s plans about what percentage of the workforce will stay remote or have flexible schedules.
Commentary by Steve Dickson.
Copyright 2024 The CEOWORLD magazine. All rights reserved. This material (and any extract from it) must not be copied, redistributed or placed on any website, without CEOWORLD magazine's prior written consent. For media queries, please contact: info@ceoworld.biz