Cybersecurity Risks to Consider When your Workforce Returns
With many of the Covid-19 stay-at-home orders and work restrictions being relaxed, new and additional cybersecurity concerns will arise from the rapid reintegration of remote workers returning to the office. These risks are likely to impact even the organisations that were prepared for the switch to home working.
These cybersecurity threats have been classified into four broad categories: personal computers, unauthorised software applications, unattended networks, and human error. Each category carries a risk of introducing malware into, or leaking sensitive data from, your company.
The mass switch to remote working, coupled with the impact of Covid-19 on the production and procurement of new equipment, has led to an increased reliance on personal devices for work use. If these devices are compromised by hackers and later attached to an organisation's computer network, they represent a potential route for malware to enter the office on the return to work and to wreak havoc costing thousands of pounds.
In an ideal world, personal devices would not be brought into the office upon returning to work and any work that has been performed at home would be virus scanned and migrated onto the office’s network. However, as this may not always be feasible, organisations should plan how to integrate personal devices into the workflow as necessary. Options include separate and monitored networks specifically for personal devices and commercially available solutions for mobile, laptop and desktop security.
Home working, unfortunately, can create an overlap of work and personal life, and this can have a knock-on effect of work devices being used for personal purposes. This presents the risk of unapproved and unvetted applications operating on work hardware, such as video games, communication software, printer drivers etc. Additionally, the use of social media and general internet browsing on work-issued devices can increase the exposure to phishing and malware attacks. The same is true for personal devices, which often lack up-to-date antivirus software and on which programs are more likely to be treated as trusted and secure than they would be under company standards.
Companies should have a plan in place to identify and secure devices that have been used while working remotely. Inventories should be updated before returning to work as well as during the return process. Devices should be secured, involving identifying and fixing misconfigurations, patching, removing assets that shouldn’t be online, malware scanning/cleaning, and if possible restoring devices from a known, clean backup. All of this should take place before any connections are made to your trusted internal portions of the company network.
Reintegration of unused systems
From an IT perspective another risk is the reintroduction of computer systems that may have been completely shut down for the duration of the work-from-home period caused by Covid-19. This may have led to missed security patches, so these systems may be newly vulnerable upon their reintroduction. Additionally, if systems were left online but unattended or unmonitored, they may have been unwittingly compromised by hackers who are waiting for a company's return to work before activating malware already placed on the company network.
Before returning to work, any critical systems that have not been monitored should be thoroughly scanned with an antivirus tool to ensure that no infections have occurred, and logging should be checked for evidence of intrusion. Security patches and configurations should be verified across all machines, especially those that were disconnected from the main network during remote operation.
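The checks above (patch currency, a fresh clean scan, a log review for systems left online, and a separate network for personal devices) can be applied as a single gate over the asset inventory before anything reconnects. The following is an added example, not code from the original article; the inventory fields, thresholds and hostnames are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

TRUSTED, PERSONAL_NET, QUARANTINE = "trusted", "personal-network", "quarantine"

@dataclass
class Device:
    hostname: str
    personal: bool                   # personally owned (BYOD) rather than company-issued
    last_patched: date
    last_clean_scan: Optional[date]  # last malware scan that came back clean, None if never
    offline_since: Optional[date]    # set when the machine was shut down during remote working
    logs_reviewed: bool              # intrusion check of its logs completed (online systems only)

def reintegration_decision(dev, today, max_patch_age=30, max_scan_age=7):
    """Decide which network a returning device may join, with the reasons it was held back."""
    reasons = []
    patch_age = (today - dev.last_patched).days
    if patch_age > max_patch_age:
        reasons.append(f"patches {patch_age} days old")
    if dev.last_clean_scan is None or (today - dev.last_clean_scan).days > max_scan_age:
        reasons.append(f"no clean malware scan in the last {max_scan_age} days")
    # Company systems that stayed online unattended need their logs checked for intrusion
    # before reconnection; a machine that was powered off has no such window to review.
    if not dev.personal and dev.offline_since is None and not dev.logs_reviewed:
        reasons.append("left online unattended, logs not yet reviewed")
    if reasons:
        return QUARANTINE, reasons
    # Personal devices that pass still only ever reach the separate monitored network.
    return (PERSONAL_NET if dev.personal else TRUSTED), reasons

def triage(devices, today):
    """Map every inventoried hostname to the network it is allowed on today."""
    return {d.hostname: reintegration_decision(d, today)[0] for d in devices}

# Constructed sample inventory and return date, not real hosts.
RETURN_DAY = date(2020, 6, 1)
INVENTORY = [
    Device("lap-finance-01", False, date(2020, 5, 25), date(2020, 5, 30), None, True),
    Device("desk-hr-07", False, date(2020, 3, 10), None, date(2020, 3, 20), False),
    Device("home-pc-alice", True, date(2020, 5, 28), date(2020, 5, 31), None, False),
    Device("srv-files-02", False, date(2020, 5, 20), date(2020, 5, 31), None, False),
]

if __name__ == "__main__":
    for host, net in triage(INVENTORY, RETURN_DAY).items():
        print(f"{host:16} -> {net}")
```

The reasons list is what goes back to the asset owner as the remediation ticket; only an empty list lets a company-issued device onto the trusted segment.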
During this period, as people return to the workplace with the vulnerable devices mentioned earlier, there is likely to be uncertainty about policies and practices regarding personal devices and applications in the workplace. With the return to office normality, human error also becomes more likely: falling victim to phishing, unwittingly violating security practices, forgetting processes that have not been performed in months, or accidentally leaking information, for example. In addition, phishing attacks in the context of IT or financial services may be more persuasive than usual, and pressure to return to standard operations may encourage complacency. Physical security practices must also be considered, as employees are likely to be both out of practice and less able to deal with social engineering after a period of isolation.
Phishing education programs and training should be restarted. Monitoring and continuous adjustments of email filtering rules should remain a priority. Additionally, training specific to the organisation’s physical security concerns should be conducted upon the company-wide return to work.
The Covid-19 pandemic has already hit many businesses financially, slowing down operations and affecting productivity. The last thing a company needs to do when it returns to more normal operations is to be affected by a cyber incident. Cyber insurance may cover downtime and identify the technical and legal expertise needed to mitigate and remediate intrusions.
Contact us today to arrange a full due diligence report or to arrange cyber cover.