While many companies are today working from home, at some point, the workforce will return to the office. It’s not clear what this will look like; it may be a small portion of workers heading back in phases or everyone at once. There is also the possibility that working from home will remain the norm and working in an office becomes a scheduled routine. Regardless of the when, how or how many, managing cybersecurity risks during an office homecoming after adapting to remote work can be challenging. Establishing a post-COVID cyber baseline as devices and people return to the office can minimize the cyber threats.
When organizations quickly pivoted to work-from-home, they adapted quickly to facilitate work with new software, tools, and reduced availability of people in critical roles. During that period of rapid transition, people could have potentially shared passwords to critical business systems with co-workers. This could include sharing passwords to laptops and video conferencing services used at home by family members.
Baseline: Reset passwords to laptops and essential accounts. Ensure multi-factor is enabled.
In the rush to get people working remotely, not every employee was able to take a company laptop home. In some cases, the company laptop failed during the stay-at-home. This forces employees to use personal devices to connect to the company network. New research from Bitsite found that almost half of companies had malware on their corporate-associated home networks, compared to 13% of corporate networks.
"Use of personal devices creates problems around document preservation matters and adds increased risk," wrote Brenda R. Sharton, a litigation partner and global chair of Goodwin's Privacy + Cybersecurity practice, in an article for the Harvard Business Review. "In addition, the software powering some home equipment can be months or even years out of date."
Baseline: Scan the network to identify new or unknown devices.
People across the organization have been tasked with getting things done, sometimes putting aside security because of urgency. Sending emails on mobile devices could result in accidental sends from personal emails, and online storage and USB devices could have been used for downloading or printing documents. These activities mean confidential information or PII data may be everywhere.
Baseline: Use SIEM alerting on common file storage services and personal emails with attachments.
Many organizations are susceptible to lost hardware during times of rapid change. Furloughed employees may still have their company-issued laptop, while others took advantage of the swift deployment of working from home to grab a device from the office. Lingering devices put you at risk of data loss or a network breach.
Baseline: Update laptop and mobile device inventory and disable missing devices.
Working from home likely required software installs, whether for office productivity, video conferencing, PDF-converters, or electronic signatures. Some software even supported virtual happy hours and entertainment to keep teams connected. By one estimate, 62% of people have signed up for new tools and platforms during the COVID-19 crisis. Some of this new software may not meet company requirements, or could have vulnerabilities that put your company at risk.
Baseline: Scan for laptops for unauthorized software and potential shadow IT.
Application and operating system updates were likely part of your work-from-home cyber strategy. But this may not have included infrastructure devices supporting the physical office and changes to firewall policies, cloud security groups, and other security software that is just as essential to update to keep the organization protected.
Baseline: Scan, prioritize, and update infrastructure devices and policy rules.
As people return to the office, the pace and focus will be on connecting and restoring the workload. People will be busy playing catch-up and not necessarily focused on cyber threats. With six out of 10 people reporting they have fallen victim to a phishing scam before the rise in attacks during the COVID crisis, it stands to reason phishing and ransomware will continue.
Baseline: Include cybersecurity awareness into the return to the office messaging.
While another major shift in the work environment may seem daunting, the investment in work-from home security sets companies up well for a return to the office. Keeping track of what was done as people shift to work-from-home will give organizations a solid baseline. Track what worked well and use the things that didn’t work as well to make security modifications and tighten access restrictions. These lessons learned will only enhance your organization’s ability to be agile if any major disruption happens again.