With the lockdown continuing to loosen in many states, many businesses are re-opening their offices. What should organizations consider as they navigate the transition of returning to the office? Here are some cybersecurity tips for getting your business safely back to work.
While some workers will return to the office, many others will most likely continue to work remotely. Businesses will continue to face the challenge of managing a remote workforce. Administering those remote devices mean that businesses will need to continue to maintain their end point management strategies to ensure anti-malware is kept up to date and software patches are being deployed. A patch management strategy is essential to ensure that remote devices remain up to date and secure.
Any laptops (or desktops) that are returned to the office should be audited prior to being connected to the network to ensure the device contains all the necessary patches and does not contain any malware to avoid infecting the network.
Businesses that provided their staff with laptops to work remotely will need to decide whether or not to reclaim those devices when staff returns to office. Users have grown accustomed to the freedom and flexibility of laptop computing, many will not want to surrender that autonomy. Unless those laptops were “locked-down”, it’s recommended that an information asset audit be performed to ensure that any newly created or modified business data is identified and inventoried. Some staff may have comingled personal data on their business computers, any personal data stored on these devices should be deleted from the device. Conversely, users who were allowed to use their personal devices to access business systems must ensure that they have deleted business data from their personal devices.
Many furloughed back-office staff are eager to catch-up on their backlog of work. Cybercriminals are taking advantage of this and are targeting these returning workers with COVID-19 phishing scams.
Some businesses are enforcing new workplace policies and procedures to ensure that employees are not at risk of cyber infection. To prepare the staff, some businesses are offering webinars and virtual training sessions to review the new policies and procedures. Cybercriminals are launching phishing campaigns that are disguising emails and malicious files as COVID-19 training materials or directing workers to malicious websites that infect or lock their devices until payment is received.
Similarly, clearing through the backlog of invoices should not be rushed. Bank invoice fraud continues to be highly popular among cybercriminals.
The COVID-19 pandemic caught many organizations off guard. Businesses learned that they must be flexible and prepared, both from a security and broader IT perspective.
Businesses that saw little value in developing a Business Continuity plan found themselves scrambling to deploy infrastructure, applications, policies, and procedure to reorganize and enable a remote workforce.Given the risk of COVID-19 flare ups, future lockdowns may be required. Devoting some time and simple planning most businesses can put a plan in place to prepare for future disruptions.
We are living through an unprecedented moment in history. This pandemic will change the world in ways we’ve yet to understand. Stay vigilant and safe!