-- particles

 

What are the Cyber Risks of Remote Workers Returning?

So, what are the specific security risks associated with remote workers returning to the office. A few issues to consider:

  1. Dormant malware. For the last few months, very few employees have been connecting to company networks. In particular, the habit of walking into the office and switching their phone to company Wi-Fi is likely to be a problem. Why? Because there has been a significant increase in campaigns distributing malware to devices, and this malware may stay dormant until the device is connected to a major network. IT may not have been able to monitor devices as much as they would like with workers absent. Instruct employees to run malware scans and similar on devices before coming back to the office.
  2. Company equipment might not be properly inventoried and, in some cases, may be mislaid. Employees might, in the rush, have grabbed extra monitors, keyboards, webcams, etc, and not told IT they were taking them. Enlist everyone’s help in tracking down errant equipment, in a non-judgmental manner.
  3. Stranded machines, such as desktops, left in the office for the duration were probably not booted up. This might result in them not having been updated or patched. Run all patches and updates on these systems before returning them to service.
  4. Employees violating app policies. Not everyone was ready to provide their employees with all the tools they needed to work remotely. Check devices for unauthorized apps and programs.
  5. Company devices may have picked up malware from the lack of protection that comes from being behind a consumer-grade, rather than enterprise-grade firewall. Some businesses ran out of VPN bandwidth, with the inevitable result of employees connecting “naked” to company networks.
  6. A sudden rush back to work could overwhelm IT, resulting in not enough staffing to cover the demand, run scans on devices, etc.
  7. Over the work from home period, employees may have become stressed and sloppy, or forgotten protocols that were once second nature.

The return to work, thus, results in a spike in cybersecurity risk that needs to be addressed.

What Should Companies Do?

Thankfully, there are things companies can and should do to mitigate the issues caused by what is likely to be a somewhat chaotic return to work. It’s important to involve employees in the process and to understand that the problems created by the sudden departure are not anyone’s fault. Companies should:

  1. Make use of the phased return. Although servicing both remote and on-site employees could be a challenge for IT teams not used to doing so, phased returns allow for a certain number of devices to be checked at a time.
  2. Ideally, have IT come into the office early and go through the stranded machines, applying patches and making sure everything still boots up and runs.
  3. Run endpoint detection each device as the worker returns. (Again, make use of the phased return so you aren’t trying to do this all at once). This includes personal devices included in a BYOD policy. Limit phones and other personal devices to the guest network until they can be checked. Run all updates that need to be run. Mobile device management can help limit the access unchecked devices have to the network.
  4. Audit apps found on devices and either validate them or have the worker remove them. Shadow IT has been a particular problem during the quarantine period, and understandably so. For employees who are still working remotely part-time, work with them to ensure they have the safe tools they need. Make sure to remove any personal apps, such as social network apps or video games, that might have found their way onto company hardware.
  5. Work with employees for secure policies for those who might continue to work from home. It’s likely, for example, that high-risk workers may want to stay at home for longer. If schools are remote, there may be childcare issues for some. Some companies may also have found that remote work, especially for some positions, is actually better than having that person in the office.
  6. Do refresher training on phishing. Quarantine has worn on a lot of people, likely including your employees, and people are more likely to make mistakes. Employees may also need to be reminded of company procedures for working in the office.
  7. Implement a zero trust model. This includes multifactor authentication, assuming that devices have not been validated unless specific protocols are in place, etc. With the traditional perimeter broken (and likely to remain so), zero trust is the best way to ensure that malware is not introduced by potentially-compromised devices.

The return to work will, at least, be better planned than the rather sudden pivot at the start of the stay-at-home period. However, the added time will not help unless you have a proper cybersecurity plan, of which key elements are auditing and running endpoint detection on devices that are returning to the office and providing refresher training for employees.

With these measures in place, companies can ensure that the return to the office goes smoothly and navigate any long-term changes, including an increased work from home population, that might ensure. To find out more about how to establish good policies and improve cybersecurity as your workforce returns to the office, contact White Mountain IT today.

Related Posts