Work-from-home restrictions will result in additional cybersecurity concerns arising from the rapid reintegration of remote workers returning to the office.
Return-to-work cybersecurity risks fall into four broad categories: unattended systems, personal devices, unapproved personal applications, and human error. Each category represents a possible path to loss of sensitive data from the organization or to malware attacks on it.
Reintroduction of unattended systems
From the IT perspective, one of the most significant concerns is the reintroduction of services and systems that were offline or which remained unattended during the work-from-home period.
Organizations may have ceased some or all IT functions during this period. Those that had to shut down completely may also have taken pieces of IT infrastructure offline. If this resulted in missed security patches, the systems may be vulnerable when they are reintroduced.
Additionally, if systems were left online but unmonitored or unattended, they may have been compromised, without anyone noticing, by hackers waiting for the company’s return to work before deploying malware in the company’s network.
Before returning to work, all critical systems that were unmonitored need to be completely scanned with an antivirus tool to ensure that no infections have taken place. Every logged entry into the system should be checked for any evidence of an intrusion or hacking attempt.
Security configurations and patches should be verified across all available machines, especially those that were powered off or disconnected from the infrastructure during the entire lockdown.
Use of personal devices
The sudden switch to remote working has resulted in increased reliance on personal devices for work use. Personal devices include not only personal computers and phones but also USB storage devices and other peripheral devices that can store or transmit data.
If these are compromised by hackers and then attached to an organization’s infrastructure, they can become a vector for introducing malware into the enterprise network as the employee returns to the office.
In an ideal world, all work performed on personal devices would be sanitized and migrated onto organization-owned infrastructure. However, this might not always be feasible, so organizations should plan for how these devices can be integrated into the secured workflow when needed.
Options include monitored and segregated networks specifically for personal devices and other commercially available solutions for securing personal laptop, mobile, and desktop devices.
Unapproved personal applications
Remote work creates an overlap between personal and work life, raising the issue of unapproved and unvetted apps operating on work hardware. Such applications include personal cloud storage applications, teleconferencing software, printer or other hardware drivers, and the use of social media and general web browsing on office devices. This can increase the devices' exposure to phishing and malware attacks.
Organizations need to plan to promptly identify and secure the devices that were used while working remotely. Inventory needs to be updated before returning to work, as well as throughout the process.
Securing devices should include identifying and fixing misconfigurations, patching, removing assets that aren’t expected to be online, malware scanning, and, if possible, restoring all devices from a known, good backup. All of this should take place even before connections are made to any trusted internal portions of the company network.
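The pre-connection checks described above can be expressed as a simple admission gate. The following is an added example, not part of the original article: it reconciles a device inventory against the hosts actually seen on the network and decides which may reach trusted segments. All hostnames, dates, and field names are constructed assumptions.

```python
from datetime import date

# Constructed sample data; field names, hosts and dates are assumptions.
PATCH_BASELINE = date(2021, 6, 1)   # patches must be at least this recent
RETURN_DATE = date(2021, 6, 14)     # scans must postdate the return to the office

INVENTORY = {
    "fin-laptop-07": {"last_patched": date(2021, 6, 10),
                      "last_clean_scan": date(2021, 6, 15), "config_verified": True},
    "hr-desktop-02": {"last_patched": date(2020, 3, 2),
                      "last_clean_scan": None, "config_verified": False},
    "lab-server-01": {"last_patched": date(2021, 6, 5),
                      "last_clean_scan": date(2021, 5, 1), "config_verified": True},
}
OBSERVED_ON_NETWORK = ["fin-laptop-07", "hr-desktop-02", "lab-server-01", "unknown-nas-9"]


def outstanding_steps(record):
    """Return the remediation steps a device still needs before it may be trusted."""
    steps = []
    if record["last_patched"] < PATCH_BASELINE:
        steps.append("patch")
    scan = record["last_clean_scan"]
    if scan is None or scan < RETURN_DATE:
        # A clean scan from before the return says nothing about the time away.
        steps.append("malware scan")
    if not record["config_verified"]:
        steps.append("verify configuration")
    return steps


def triage(inventory, observed):
    """Map each observed host to 'trusted', 'segregated' (with steps) or 'remove'."""
    decisions = {}
    for host in observed:
        if host not in inventory:
            # Asset not expected to be online: take it off the network and investigate.
            decisions[host] = ("remove", ["not in inventory"])
            continue
        steps = outstanding_steps(inventory[host])
        decisions[host] = ("trusted", []) if not steps else ("segregated", steps)
    return decisions


if __name__ == "__main__":
    for host, (zone, steps) in triage(INVENTORY, OBSERVED_ON_NETWORK).items():
        print(f"{host:15} {zone:10} {', '.join(steps)}")
```

Devices marked "segregated" stay on the monitored, isolated network until their outstanding steps are cleared and the inventory record is updated.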
Human error
The opportunity to return to a certain degree of normalcy, along with a desire to recoup losses sustained as a result of the virus, increases the chance of human error as employees return to the office.
Phishing attacks, forgotten processes that have not been performed in months, unwitting violations of security practices, and accidental information leaks remain the top human risks.
As people return to offices with vulnerable devices, there will likely be uncertainty about practices and policies regarding personal devices and applications in the workplace. Physical security practices also need to be considered, as employees are likely to be both less prepared for and out of practice at dealing with social engineering after a period of isolation.