As an employer, welcoming your team back to a COVID-secure workplace is a return to a level of normality. However, it’s important not to open the door to new security risks when bringing staff back after a long period of remote working.
During the COVID-19 pandemic, more UK employees have worked from home than ever before. According to a YouGov survey, around one in five people went from never working from home to doing so constantly.
Coronavirus and the resulting lockdown have significantly increased cyber security risks for organisations, with many lacking sufficient controls to protect workers outside the workplace. This has been compounded by threat actors seeking to exploit the crisis.
Recent government restrictions have been put in place to prevent gatherings of more than six people, but workplaces are exempt. With large numbers of employees returning to work post-lockdown and connecting directly to corporate networks, organisations should be alert to the possibility that cybercriminals could be lying dormant on employee devices, waiting for the opportunity to move laterally through a network, escalate privileges, exfiltrate data and deploy ransomware.
These are the key steps you should take to help protect your organisation:
1. Provide employees with clear guidance and training
While working from home, your employees may have developed poor cyber security habits and used personal devices to access corporate data. Before they return, take the opportunity to remind them about the latest security risks and share with them any updates that have been made to your organisation’s information and data security policies.
Many organisations are providing training about new workplace rules to help prevent the transmission of COVID-19, but even these resources are vulnerable to cyber-attacks. Cybercriminals are now targeting Coronavirus-related safety training as a way to spread malware and steal data. Avoid these risks by clearly identifying the training materials and resources you provide and making them available through one online point rather than via email, if possible.
2. Sanitise devices before allowing them to reconnect to the network
Before allowing employees to connect directly to the company network, take the time to assess the health of the devices they have been using and screen them for threats.
This includes conducting vulnerability assessments to ensure antivirus software is updated, that the latest OS and software updates are installed, and strong passwords have been set.
To help minimise security risks even further, direct employees returning to the office to initially connect corporate and business devices to a guest or temporary network which is partitioned from the rest of the corporate environment. Business devices can be connected to the full network once sanitised, but personal devices should be restricted indefinitely.
3. Check devices for unapproved software
During lockdown, your employees may have installed software on their devices without the knowledge and consent of the IT team during lockdown.
While it may have helped them perform their role while away from the workplace, unapproved software can present a significant risk long-term risk. In recent research, over half (58%) of British business decision-makers surveyed said employees are more likely to attempt to work around enterprise security practices when working from home.
Unapproved software, including SaaS applications, can also present a significant GDPR compliance risk if company data is stored on third party servers.
4. Have controls in place to monitor for and report suspicious activity
Before welcoming employees back to the workplace, ensure that appropriate controls and procedures are in place to monitor networks, systems and endpoints for evidence that a breach has occurred.
If your organisation has a SIEM or EDR tool, check that it is configured correctly to detect anomalous user behaviours such as privilege escalation, VPN abuse and signs of employees attempting to access areas of the network and/or data that they otherwise shouldn’t.
Encourage your team to report anything suspicious. In the event of an employee making a mistake relating to security, avoid penalising them. Provide additional support and training to give positive affirmation about working to best practices.
5. Frequently review Identify and Access Management
Remote working has required companies to relax security settings such as IP whitelists in order to give employees access to the tools and services they need to perform their job.
As your staff return to the workplace, ensure that you regularly review your firewall settings to identify risks such as open ports and ensure that firewall policies adhere to the principle of least privilege.
It is also a good idea to review access to systems for any employees who have may have recently changed job roles and to swiftly revoke permissions for those that leave to prevent disgruntled employees from stealing data or other sensitive information.
Maintaining the new norm
Like many other organisations, it’s likely that the new norm involves you striking a delicate balance between staff working at home and in the workplace – making frequent security assessments and monitoring increasingly important. To maintain this, ensure that you take the right steps as early as possible. In order to minimise potential damage and disruption, it’s much better to be able to anticipate threats and ensure that appropriate mitigations are in place to swiftly detect and respond to them.
Seeking support and advice from an independent provider of security services can help to make the move from remote to office-based working as smooth and secure as possible. At Redscan, we have extensive experience supporting our clients to evolve their security posture in line with the evolving threat landscape. Our range of services includes remote working security assessments and penetration testing as well as Managed Detection and Response for proactive network and endpoint security monitoring.