For most UK businesses, the shift to respond to the Coronavirus lockdown was astonishingly rapid and reactive by necessity. The security teams that we worked with coped admirably with the adjustment and, at the time of writing, there have been no major or high-profile security incidents related to remote work in the UK (thankfully).
Now, as organizations transition their workforces back to the office, security and data privacy controls should be reevaluated in a judicious fashion, especially at the device and endpoint level.
This article covers our Top 5 suggestions for a secure exit from lockdown. Unlike the enforced WFH (work from home) regime, IT and security teams can take a measured and proactive approach, so there is no excuse for a lack of planning.
1. Plan for the Return of Laptops and PCs
The return to the workplace brings the reintroduction of devices into the corporate network that have lived outside the perimeter for months. One of the biggest security concerns is who else had access to work-issued devices such as laptops and PCs at home. Not every organization planned or accounted for the remote “travelling” of devices in terms of security, and/or the possible use of the devices by third parties.
Organizations should have a plan in place to identify and secure devices that were used while working remotely. We recommend that an inventory of assets be updated before returning to work.
Securing devices should involve identifying and fixing misconfigurations, patching, removing assets that shouldn’t be online, malware scanning/cleaning, and, if possible, restoring devices from a known-good backup. All of this should take place before connections are made to any trusted internal portions of a company network.
Equally, you will need to plan for how to deal with excess hardware. Redundancy in assets was necessary when working from home, but after coming back into the office, will your employees still need a laptop for home and a computer at work? Will those assets be stored for future remote work? Will they be resold, recycled or donated to charity? These devices will need to be properly wiped clean to prevent potential data breaches by future users.
2. Seek Out and Segregate Personal Devices
The rapid switch to remote working necessitated an unmanaged reliance on personal devices for work use. Personal devices encompass not just personal phones, tablets and computers, but also USB storage devices and other peripheral items which are able to store or transmit data. This could even include fitness trackers or other plug-and-play devices.
If compromised by hackers and then attached to an organization’s infrastructure, these devices represent a potential vector for introducing malware into an enterprise network upon a return to the office, and a route for attackers to gain access or leak personal data.
Of course, in an ideal world, personal devices would not be brought in as infrastructure upon returning to work. Any work that has been performed on personal devices would be sanitized and migrated onto organization-owned infrastructure. However, this may not always be feasible.
We recommend that organizations should plan for how personal devices can be integrated into the workflow as needed. Options include segregated and monitored networks specifically for personal devices and commercially available solutions for securing mobile, laptop, and desktop devices. In addition, employee education regarding the use of USBs and personal devices on the corporate network is fundamental.
3. Watch Out for Unauthorised Personal Applications
Remote working inevitably diffuses the line between personal and work life. With new working patterns it has been challenging to keep employees from using work devices for personal use. This presents the issue of unknown and unauthorised applications operating on work-issued hardware. Such applications include teleconferencing software, personal cloud storage applications, printer or other hardware drivers, and ahem…video games.
It is also possible that employees have taken advantage of “home user” or lite third-party licences instead of enterprise-grade services. This could include VPN capabilities, remote backup, and other cloud offerings that might contravene contracts or compliance measures. Remember GDPR!
Additionally, the heightened use of social media and general internet browsing on work-issued devices can increase the exposure to phishing and malware attacks. These applications present similar risks to personal devices but may be more problematic as they are present on devices which are likely to be considered trusted or secure by infrastructure standards.
Make sure you reach out to senior leaders with examples of targeted phishing attacks, and alert employees to the escalating cyberthreat environment. Remind them that they must remain focused and hypervigilant to suspicious activities, especially within the transition period.
Now would be a good time to perform some manual anti-virus checks and ensure that your endpoint security and SWG (secure web gateway) subscriptions are up-to-date. While working remotely and through the transition period, enterprise-grade endpoint protection, SWGs and CASBs (cloud access security broker) form an essential ring-fence against attackers. You are advised to ensure that they are operating effectively and are fit for purpose.
4. Safely Revive Unattended and Offline Systems
From an infrastructure perspective, another concern is the reintroduction of IT systems that were offline or unattended during the WFH period. Organizations may have ceased some or all IT functions during this WFH period. Those organizations which had to shut down completely may have also taken IT infrastructure offline for the duration. If this resulted in missed security patches, these systems may be newly vulnerable upon their reintroduction.
Additionally, if systems were left online but unattended or unmonitored, they may have been unwittingly compromised by hackers who are waiting for a company’s return to work before deploying malware in the company network.
We recommend that any critical systems be completely scanned with an antivirus tool to ensure that no infections have taken place, and that logs be checked for any evidence of intrusion. Security patches and configurations should be verified across all machines, especially those which were off or disconnected from infrastructure during the remote work period.
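As an added illustration (not part of the original article), the checks recommended in sections 1, 2 and 4 can be expressed as a gate that assigns each returning device to a network before it connects. The inventory columns, thresholds and network names are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; the column names are assumptions for this example.
INVENTORY_CSV = """hostname,owner_type,last_patched,last_av_scan,av_clean,state_during_wfh
LT-0142,corporate,2020-06-20,2020-06-28,yes,remote
LT-0177,corporate,2020-03-10,2020-06-27,yes,remote
SRV-FILE01,corporate,2020-03-01,,no,offline
PH-JSMITH,personal,,,no,remote
WS-0033,corporate,2020-06-22,2020-06-29,no,unattended
"""

MAX_PATCH_AGE_DAYS = 30  # assumed policy threshold
MAX_SCAN_AGE_DAYS = 7    # assumed policy threshold

def _age(value, today):
    """Days since an ISO date, or None when the inventory has no record."""
    return (today - date.fromisoformat(value)).days if value else None

def triage(row, today):
    """Return (network, reasons) for one inventory row."""
    # Personal devices never join the trusted network (section 2).
    if row["owner_type"] != "corporate":
        return "segregated", ["personal device"]
    reasons = []
    patch_age = _age(row["last_patched"], today)
    if patch_age is None or patch_age > MAX_PATCH_AGE_DAYS:
        reasons.append("patches missing or stale")
    scan_age = _age(row["last_av_scan"], today)
    if scan_age is None or scan_age > MAX_SCAN_AGE_DAYS:
        reasons.append("no recent malware scan")
    elif row["av_clean"] != "yes":
        reasons.append("malware scan not clean")
    # Systems left online but unmonitored also need a log review (section 4).
    if row["state_during_wfh"] == "unattended":
        reasons.append("left online unattended: review logs")
    return ("quarantine", reasons) if reasons else ("trusted", [])

def triage_inventory(csv_text, today):
    """Map hostname -> (network, reasons) for every row in the inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: triage(r, today) for r in rows}

if __name__ == "__main__":
    for host, (net, why) in triage_inventory(INVENTORY_CSV, date(2020, 7, 1)).items():
        print(f"{host:12} {net:11} {'; '.join(why)}")
```

Only devices that land in "trusted" connect to internal segments; the rest stay isolated until the listed reasons are cleared.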
5. Test Your IT Security Infrastructure
The COVID-19 pandemic has widened the playing field for attackers, who suddenly have a richer scope of attack across millions of poorly secured, widely dispersed WFH endpoints. Attackers have continued to deploy their arsenal to gain access to networks and systems, whether it be through social engineering, ransomware, phishing or other fraud.
Now is a great time to review, reset and fine-tune your security settings. A broad vulnerability scan can help to highlight gaps in security posture exacerbated by long-term remote connectivity. A breach attack simulation will ensure that your network and users are truly prepared for all forms of malicious activity. In addition, we recommend that you test your DDoS defences in readiness for the inevitable surge in opportunistic DDoS attacks as organisations transition back to the office. Business continuity is all important.
The Final Piece: Employee Well-Being & Communications
When and how employees return to the workplace requires process and planning. Employee health and well-being will underpin a safe return for all. It is important that remote users understand the transition process and that organizations have a re-entry plan for their remote assets. Ensuring that users know how remote assets will be collected and processed will go a long way to streamlining the transition back into the office.
An unplanned and haphazard move back to the office may cause considerable pain but there’s still time to prepare. Please get in touch with us on 0845 625 9025 if you would like help in getting your systems secured, tested and safely back online, or complete our online enquiry form.