Letting your users return to the office... safely

Discussing how to allow users back into the office environment without bringing malicious software in or overwhelming your security systems.

Cast your mind back, March 2020. Beginning of UK lockdown, many of us were trying to quickly implement, scale up and configure remote access systems. There was a whole host of companies offering free trials to help you get set up securely but no time to test rigorously and most of us were in a bit of an operational nightmare. Mobilisation of your workforce may have resulted in rapid deployment of solutions and relaxation of security measures in order to get your workforce back online and productive.

As we consider how to safely allow users back into the office environment and / or choose to extend our working from home policies, we must contemplate the whole host of risks that accompany these choices.

It’s not all doom and gloom but here’s some food for thought:

Unpatched endpoints

If there are any manual steps involved in patching, endpoints may not have been updated during lockdown. If you are unable to force or automate patching across your devices simply asking your users to manually run updates before they return to the office will help to mitigate risk.

Walking straight through the front door

Attacks, especially phishing attacks, are becoming increasingly sophisticated so it’s highly likely that users will have unwittingly triggered these during the lockdown period. There has been a huge increase in phishing attacks during lockdown especially those masquerading as 0365 and Covid-19 updates. If you haven’t got cloud-based endpoint security solutions in place, we would recommend you stagger the return of your staff to avoid overwhelming your existing security stack.

Shadow IT

You are likely to discover a variety of unsanctioned applications have been installed throughout lockdown, new unvetted software and programmes sat on your employee’s devices pose risk to the company. Wandera found trojan malware in 17 popular Apple Store apps ranging from yoga apps and fitness trackers to FM radio and file management apps. We recommend you investigate tools that provide full visibility into the reputation of these applications to ensure they are not posing risk to the company. We also recommend you review the permissions of these apps to ensure they are relevant to the application for example a FM radio app does not need access to your camera, contacts or documents.

Data Silos and Protection

Many of your users will have been sharing devices within the home so you may find they are now logged into corporate services on personal devices. Corporate data may have been saved into personal cloud and device storage. Putting you in real danger of data loss and data breaches. We advise you identify high risk users and assess where they have saved data during lockdown to help you to prioritise, retrieve and protect your company data.

Interested?

Want more information?

Get in touch with us