At the beginning of lockdown we advised that businesses should strengthen their cyber-security measures whilst their employees worked remotely.
Now that a lot of businesses are preparing to bring employees back to some form of office based working, the message we are promoting is “don’t slack because you’re back”. That’s why, at the very least, we recommend your business continues to adhere to any of the enhanced cyber-security and data protection protocols it introduced during lockdown.
However, cyber-criminals will only view the return to the office as another opportunity to pursue their agenda. So, we believe now is the perfect time for businesses to reassess their cyber-security strategies and strengthen them even further.
With all this in mind, today we have listed four cyber-security considerations for getting back to the office securely.
1. Review your cyber-security strategy
Before your people return to office based working, you should review your cyber-security strategy, decide whether it is sufficient to counteract the threat landscape and be ready to adapt it where necessary. As part of this assessment, we advise that you:
Identify any vulnerabilities of office based IT infrastructure
You should perform a review of your existing technology infrastructure to see if it remains resilient to cyber-crime. Cyber-criminals are always on the lookout for security weaknesses, so it’s crucial that you can identify them too. Your check should include network scanning, firewall logging and vulnerability scanning. Of course, once you have checked and verified any vulnerabilities, you must then take action to mitigate them.
Evaluate your organisation’s ability to execute the strategy
It is likely that some businesses will continue to work remotely and that some others will bring back their workforce in phases. Whatever you decide, you should assess whether you have sufficient IT resources at hand to implement the strategy so that productivity is maximised without compromising on security.
2. Make sure that your software is up to date
At this point, we ask you to think about your endpoints. During lockdown, it’s likely that your employees either used their own devices, or portable solutions like a laptop or tablet that you supplied to them.
In either case, your people will likely go back to using devices, such as desktop computers and thin clients, which have been lying dormant for months. These will probably need to have security updates installed and, indeed, without them they are vulnerable. To mitigate risks, all operating system, anti-virus and firewall software should be made up to date, in advance of any return to office working.
The same goes for any personal devices that employees bring back to the office with them. These too should be scanned for malware and any security updates should be installed before being introduced to your network.
3. Make sure that your employees are up to date
In addition to updating software, businesses should update their people too. No, we don’t mean that literally. Rather, we recommend that you keep them up to date on the latest cyber threats and try to foster a greater appreciation for data handling best practice.
That’s because, having worked remotely for so long, people may have slipped into some bad habits that could put your data at risk. Perhaps the passwords they are using are weaker than they used to be, making them easier to crack. Maybe they have started saving files in places they shouldn’t, making the likelihood of them ending up in the wrong hands greater than it used to be.
Or else you may have brought new employees on board during lockdown and so they will need to be brought up to date with your company’s information governance protocols.
In any case, now is the perfect time to re-educate your people on cyber-security matters so that they can be an effective first line of defence.
You can find out more about some of the most common cyber threats here.
4. Monitor your network in real-time
Without active monitoring and remediation, the nefarious activities of cyber-criminals can go unnoticed. To make sure that you don’t have an undiscovered cyber-security problem, you should consider a solution which actively monitors, reports on and potentially even fixes security issues across your network in real-time.
You should choose a solution which fully understands context, i.e. it continually learns what normal behaviour is across your network by considering the relationships between identity, device, location, time and behaviour in any given circumstance. This means that alerts to abnormal and therefore suspicious behaviour are more meaningful and actions can be prioritised accordingly.
If you are concerned about your organisation’s cyber-security when returning to the office, we are here to help.
For instance, you can talk to us about our Blue Rock cyber defence services. Blue Rock actively works with clients so that there is consistent and proper handling of data across their organisation. This is achieved by setting up processes, empowering people with knowledge and using technology to help make adherence to processes easier.
You can also talk to us about our Security as a Service offering, which incorporates advanced monitoring, deep analytics, machine learning and automated response. We will identify threats and issues that need to be remediated and work with your IT team to resolve them. More information about Concepta Security Services is here.