As the COVID-19 vaccination rollout advances and the roadmap out of lockdown becomes clearer, physical offices are eager to welcome employees back.
Highly anticipated by some, viewed with skepticism by others, the transition from working from home to returning to the office environment is no easy feat. Companies planning to return to the workplace will likely face complex challenges. Over the last year, organizations successfully provided the right tools to allow workers to perform their jobs safely from home; now, they face a new obstacle: bringing employees back into the office in a safe environment, on-site and online.
For IT teams, the health of the corporate network and devices will be a priority. The establishment of remote working shone a light on countless holes in security protocols. Whether employees go back to the workplace in a couple of months or over the next year, building a transition plan today will ensure fewer issues as the date approaches. Here’s what it should look like.
Perform a Cybersecurity Audit of all Infrastructure
First and foremost, IT departments must know what and how many devices are currently integrated into their computing infrastructure. That’s because the rapid deployment of a remote workforce may have disrupted their asset inventory, with some of the equipment not being properly listed, from laptops and phones to webcams and printers. An updated inventory of physical hardware, software, data sources and repositories is essential to serve as the baseline against which to perform a cybersecurity audit of all infrastructure, as well as to manage IT processes like the installation of new operating systems and security patches.
Make Employees Aware of the Office Security Protocols
The rushed move to working from home has exposed cybersecurity vulnerabilities galore. IT leaders should embrace the chance to reconsider security protocols for the longer term, regardless of whether staff continue to work remotely or fully return to the office. Take a step back and think about what has been learned about the organization’s security weak spots during lockdown. This will help you refine your new policies for employees who will regularly access networks and corporate data systems. That may include the appropriate use of communications platforms, incident response guidelines and new rules for submitting requests for hardware or software credentials.
Offer Cybersecurity Refresher Training
Naturally, refreshed cybersecurity policies and protocols will be of no use if your employees are not aware of them. Cybersecurity training therefore becomes a must, especially given how the pandemic has created unprecedented conditions for cyberattacks and introduced a slew of new social engineering and phishing attack strategies. Some 91% of enterprises reported an increase in cyberattacks with employees working from home, according to a global survey by VMware Carbon Black.
With nine in 10 (88%) data breach incidents caused by employees’ mistakes, according to a joint study from Stanford University Professor Jeff Hancock and security firm Tessian, it’s important to educate your staff about new cybersecurity threats, remind them of old ones and organize focused training sessions on how to protect company and customer data, the risks of collaboration tools and identifying scams.
A useful way to keep up with modern cybersecurity threats is by joining the Cyber Security Information Sharing Partnership (CiSP), a free initiative by the UK cybersecurity industry in partnership with the government. Members not only get early warnings about cybersecurity threats, they also get to engage with their counterparts on network vulnerability issues. Learning from others’ experiences, mistakes and successes gives you an improved ability to protect your own company’s IT infrastructure.
Last but not least, have an open and clear channel of communication throughout the transition period to keep track of any substantial cybersecurity issues and to make note of competency gaps where additional education is needed.
Scan and Check Remote Equipment Before Connecting to the Network
I can’t stress enough how important it is to have all home equipment checked for updates and potential cybersecurity risks before returning to the office and connecting to the business network. That’s because employees may not only have installed additional apps on their devices to boost productivity when working remotely, but could also have used their work computer for personal matters. As you can imagine, unauthorized apps and software can pose a significant threat to the company’s IT infrastructure. To ensure network security, it is vital to set up appointments to run endpoint detection scans and updates on all returning equipment. This will also serve as a way to reinforce your new policies and procedures, so employees are prepared when they go back to the workplace.
This might sound obvious, but safe passwords are still the first step to protecting devices, systems and data. A weak password can rapidly expose the business network to infiltration, so employees should be instructed to double-check that their accounts are protected with a strong password or passphrase, to never share passwords with unauthorized people, and to never write passwords down in paper notes, email or text.
Naturally, because passwords are somewhat easy to crack, they cannot “meet the challenge” of keeping critical information fully secure. To further increase network security, technologies such as two-factor authentication and facial recognition offer an additional layer of safety.
As opposed to the rushed shift from working on-premises to working remotely, where new internal processes were established on the fly, the return to the office presents businesses with the opportunity for a more calculated approach. By following the right actions, companies are able to maintain the balance between staff working at home and in the workplace, anticipating threats and ensuring that appropriate mitigations are in place to quickly detect and respond to them.