CYBER SECUIRTY
Beware of the return to office: How organisations can protect against pandemic sleeper threats By Rick Vanover, Senior Director for Product Strategy and Dave Russell, Vice President of Enterprise Strategy
40 | Cyber Risk Leaders Magazine
A
s organisations get closer to implementing returnto-work plans, most employees are excited about getting back into an office routine. They miss their colleagues, their favourite lunch spots, and the on-site corporate culture that can’t totally be replicated over Zoom. IT administrators have a slightly different view. They miss all the in-office benefits, too, but for them the prospect of having employees all get back on the network after a year of remote working is a scary thought. The admins worry that, after a period of being lax about security, employees will bring compromised devices back to the office and expose the company to new threats. They may have a point. Work on computers have played many roles during the pandemic – hosting everything from social gatherings to workouts, online learning sessions, home shopping and Netflix streams. Family members have borrowed Mom’s computer to play online games, and passwords have been passed around. Cyber diligence has taken on a lower priority than it should have. Cyber criminals are aware of how insecure employee environments have been. They struck with a round of phishing attacks during the 2020 lockdown period. Now, administrators are concerned that hackers might implant vulnerabilities in unsecure laptops and unleash them once employees reconnect with a wider array of resources inside the corporate network. Some companies did a good job getting ahead of security threats. When remote working became standard practice, some were able to issue company standard devices with regularly patched antivirus security. But the majority found themselves scrambling to enable quick and
adequate working-from-home setups that didn’t require regular updates, patches and security checks. A cybersecurity survey conducted in February reflects just how unprepared enterprises appear to be for the return-to-work security threat. Of those surveyed, 61% used their own personal devices – not work-issued computers – at home. Only 9% used an employer-issued antivirus solution, and only 51% received IT support services while transitioning to remote workstations. Administrators are bracing for trouble. They’re bringing large numbers of potentially unsecured devices back into the fold at the same time they’re preparing to accommodate a new normal based on hybrid home/office staffing. According to Veeam’s Data Protection Report, 89% of organisations increased their cloud services usage significantly because of remote work, and the trend is expected to continue, meaning there will be more endpoints to protect. So, how can organisations prepare for this transition? Below are a few steps they can take.
UNDERGO RIGOROUS RETURN-TO-WORK PREPARATION This is essentially the step where IT administrators physically go through all the affected resources and ensure they’re ready to re-enter the game. Start by carrying out risk assessments for each employee and each device. Which devices have been patched and regularly maintained? Computers used for remote working are likely to have confidential company
