Over the course of the last year the global pandemic forced many urgent business decisions. First came the major shift to remote office capabilities – email, document sharing, collaboration and security were a prime focus. Cloud technology made that transition a success story, but a lot of changes are still unfolding and businesses now have new challenges to figure out, especially now that many State Governors are removing or curtailing office occupancy restrictions.
With vaccines making their way throughout the country and lockdown restrictions loosening up, a debate surrounding the office return emerges. Hybrid vs. remote vs. full-time – every scenario is different, as well as the rules and accommodations to make the return safe and productive for all. User systems will be coming back as well, and their absence from the network could present new challenges.
Returning to Base
In the vast majority of cases, computers and mobile devices have not been on-premise for close to a year. Ever vigilant from a security perspective, the best way to approach the “repatriation” of these systems onto the office network is to regard them as potentially infected.
At the very least, consider that these devices are not in the same state as when they left.
During this time, the company office extended into the homes of employees, and the line separating home from work was essentially diminished. For example, new applications may have installed or updated, modifications might have occurred and patches and threats have come through. Even with device management in place, the potential for unaccounted change from field devices is significant.
Consider this both a threat and an opportunity. The first goal is to ensure that workstations have been adequately patched and updated. Devices, security software and applications must be validated and brought up-to-date before actively working on networks hold sensitive, critical data. And the list of tasks continues:
- Review of Wi-Fi configurations – In most cases, open Wi-Fi is a major risk.
- Jailbreak or hacked devices – A simple no-go, not-allowed.
- Certificate installation – Endpoint certificates should be reviewed and updated as appropriate.
- Overall device health – Gather user and machine reports, and consider the device service lifecycle.
- Device Compliance; Is the device encrypted per the technology policy?; Is a PIN code or Multi-Factor authentication enforced?
- Is security software installed and up to date?
- Rogue applications – In the wild, various applications can creep into the picture.
Another component that has potentially changed: people.
Since going remote, employee technology behaviors may have progressively changed and became lax. There is an undeniable human component to company cybersecurity. As much as 90 percent of data breaches occur due to human error, carelessness, or lack of vigilance. Despite those continuing lessons, businesses are often surprised to find themselves just a click away from the next breach or ransomware disaster that will make them a headline sensation in the wrong way.
Communication is the key to pursuing better outcomes. Renew good cybersecurity practices and hygiene when it comes to potential targets such as email, workflow, mobile access, web behavior and outside applications.
This is also an opportunity for the business to deploy much better comprehensive and compliant security such as mobile management, enforcing password protections, enabling multi-factor authentication, device encryption and a more significant technology principle such as Zero Trust.
The enterprise should also seize this opportunity to re-establish and update protections such as advanced anomaly detection, data classification and protection, data loss prevention (DLP) and review the tenancy of data in the cloud and on user workstations.
The modern workplace is framed upon the understanding and expectations that exist between the business and the workers that embody the missions of the business. Technology and cybersecurity make workflows and engagements possible, so it would behoove technology and business leaders alike, to seize this return to the office opportunity to step up their security posture.
Emil Sayegh is the President and CEO of Ntirety - a leading managed cloud service platform.