Returning to the Workplace Securely

2020 has brought about a dramatic change in the way we view the workforce, and the uncertainty continues. Pre-pandemic it is estimated that only 7% of employees were offered the opportunity to work from home. As of this writing, it is estimated that nearly half of employees will continue to work from home, either part-time or full time. The significant change in the way IT professionals structured their networks caused a flurry of activity when the lockdowns occurred and the workplace moved. As many employees begin to return to the physical office, the same team will have to shift their network once again.

The good news is, moving people back into the workplace is likely to be more strategic and planned out than the March rush to create a remote workforce. This is an important window for cyber professionals, ensuring that the return to the workplace is as secure as possible.

Steps IT Professionals Should Take

To minimize risk and make a quick return to normal operations more seamless, cybersecurity teams should consider any threats employees may return to the office environment with – and then mitigate those risks. Here are some of the common security risks that remote employees may be carrying with them.

Outdated Patches: VPN services may have become overloaded or slow, causing users to simply not use them; or they may have simply not been accustomed to logging into a VPPN at all. Unprotected use over the last 6 months could have caused remote workers to fall behind on regular updates and patches. Similarly, onsite servers (those at the office) may have been shut down over the work-from-home period, and also probably missed security updates and patches. The IT or cybersecurity team should make sure that all software is updated and patched across all devices, both resident and returning.

Cleaning devices: Experts agree that devices must be screened and cleaned before being reconnected to the organization’s network. This is a critical step to minimize risk.

Some of the most important security features which must be screened include:

Provision: Establishing configurations, installing and encrypting data and applications, installing and configuring antivirus software and any firewall protocols.

Production: Data backup, application updates, security updates, enforcing security policies (which may have been changed or updated), monitoring security threats, and logging compliance.

Decommission: Disabling lost or stolen devices by locking and disabling network or data access.

Identifying false positives: Security teams with identity and access management (IAM) protocols in place likely experienced a high amount of false positives, due to employees logging on from alternate locations. As employees make their way back to the workplace and log in from a new location, IAM systems will typically be activated all over again.

This is important to monitor, as cyber criminals can use the confusion to sneak in under the radar of all the false positives.

The current situation has put a lot of pressure on cybersecurity teams that often operate with too few personnel as it is. However, as has been the case in many different venues, the pandemic may also have given cyber security teams the opportunity to innovate, strengthen and shore up their cyber security measures and protections. For the conventional or conservative cybersecurity team, this is the time to innovate and to make proactive decisions which will not only keep their company safe now, but into the future.

One of the best things to come out of this difficult situation may be that company management which resisted new technologies and change in the past, may see the benefits of embracing those technologies which will protect them against unexpected threats and challenges.

If you need advice regarding your company’s pandemic response, or the return of your workforce, call Alliance IT. Our experts can help you to assess you current situation and create a strategy to move forward securely and with confidence.