It has been over a year since the UK was put under its first stay-at-home order, and now, it has been announced that the full easing of UK restrictions has been extended an additional 4 weeks. This should hopefully mean an end to social distancing; the full opening of the economy and that people will be able to return to their places of work without restrictions.
However, because some offices have been completely closed since the beginning of the pandemic, the full reopening of their doors could create a security nightmare. Not only will desktop machines potentially have missed out on security updates for the last year, but there will also be an increase in personally owned laptops being brought into offices and connected to corporate networks.
The good news with the return to work is that companies have been informed well in advance, which means they can start thinking about their strategy now. So, what are the key issues to watch out for and what are the best approaches to ensure a safe and successful return to work?
After functioning with a remote workforce for such a long time, one thing companies will want to avoid is opening their doors to everyone at the same time. Not only could this put employees’ health a risk, it could also create an abundance of issues that overwhelm IT teams. A staggered return is a much more advisable and safer approach, which will be easier to manage and will limit backlogs within IT and security teams.
Laptops, PCs and security bad habits
One of the biggest challenges businesses initially faced with remote working was that many companies had never offered their staff laptops before. This meant that companies had to allow employees to use personally owned devices to carry out their jobs from home. Now that companies are returning to the office, it should be a priority to develop a process around how these devices will fit into the overall IT environment. Remote working isn’t going away.
If the business is happy for these devices to be connected to the corporate environment there are a number of things which must be considered. Firstly, the business will need to install a security solution which has the capabilities to scan all devices on the corporate network for security vulnerabilities and malware, regardless of whether they are company owned. Secondly, businesses will need to address any bad security habits that have been picked up while employees have been working from home, for instance, leaving computers unlocked or putting passwords on post-it notes and sticking them to screens. If businesses do not allow employees to continue using personally owned devices, they will need to ensure that they are completely wiped of any corporate data that was stored on them during lockdown.
When organisations do open their doors to staff, they will also need to think about security updates for the desktop PCs that have been sitting idle for over a year. Have these machines been kept up to date with security patches? Have they been scanned for threats? These are some of the questions IT security teams will need to address before they provide employee access. If patches have not been maintained during lockdown, they will have to go through many updates before they can be switched on and used by staff.
Securing the HR processes
Another challenge that companies will need to consider is any onboarding and offboarding that took place during lockdown. If a company has taken on new recruits during lockdown, they will need to have an ID card system in place to ensure a person walking into the office is who they say they are. If Cybercriminals are aware that businesses have onboarded new recruits during lockdown, where they have never seen these new employees face-to-face, cybercriminals could hijack this as an opportunity to break into offices.
Businesses will also need to ensure that all current employees still have their ID card. If people haven’t used them in a year or so, do they know where they are. Issue new ones if people have lost them and make sure old ones are deactivated.
The same considerations will also need to be made for any staff that was offboarded during the pandemic. Do all line managers and department heads know who these people are, to prevent any unauthorised access both physically and to IT systems? Have their ID passes been deactivated?
A secure return to the office
Businesses are undoubtedly eager to open their physical doors to employees, however, just like the shift to working from home, there are going to face security challenges along the way.
Businesses should therefore start considering these issues now, so they are prepared and can address them in advance. To begin this process, IT teams must start thinking about how they are going to manage the security of both corporate and employee devices that have been either idle or in use during lockdown. It is also critical to implement a process to identify onboards and offboards that have taken place during lockdown, to limit the chances of unauthorised individuals accessing corporate premises.
Companies should also consider running security awareness refresh sessions for staff to get them thinking about cyber security and drop any bad habits that have been picked up in lockdown. By driving a security aware culture, the company will benefit in the long-term knowing it can rely on its staff as a first line of defence against security threats.
Once all employees are back in the office, we advise that companies conduct a back to the office security assessment. This will ensure that internal environments are running the latest security programs and that the proper security measures are in place.