COVID-19 has rapidly changed the landscape of our professional lives. No one could have predicted the year that we have seen, nor the digital transformation that has occurred in many organizations as they quickly adapted to a work-from-home model.
The good news is that eventually the pandemic will end and most people will return to their normal duties working in the office. After spending months working from home, many of us are anxious to go back to the office on a regular basis to meet with colleagues and clients and experience the social interactions that we didn’t know we would miss so much.
During the early stages of the pandemic, there was an uptick in cybersecurity incidents related to remote work. Some organizations rushed to open remote access and quickly provided laptops for employees to stay productive from home. These organizations may also have given users local administrative rights on their laptops, allowing them access to install any software on their machine. This can open up the machine to vulnerabilities, especially if the software is potentially malicious in some way.
As companies are thinking through their return-to-the-workplace strategy, managed IT service providers urge organizations to make sure that cybersecurity risks of coming back to work are taken into account. Implementing a comprehensive plan for your organization before employees return is of the utmost importance. The risk appetite (risk that an organization is willing to accept) will be different for every organization, but the basic checks will remain the same for most organizations. Companies need to know how to ensure that the devices that were used in homes for months are not compromised and will not be leveraged by threat actors to wreak havoc as soon as they are connected to internal networks. An organization may have many technical controls in place to prevent incidents within their network, but it can be difficult to account for the wild card of machines that have been at other locations being introduced back into the office.
What software was installed by the employee and what other devices have been on the same home network 24/7 for the past few months? How can you assess how the device was used in the household or the level of exposure to unsecure devices?
Once threat actors gain access to a system, they can be idle for days, weeks or even months before launching a cyberattack, waiting for the right opportunity to strike. Unfortunately, this may be when the user brings in the infected machine and reconnects to your network, allowing the threat to infect many more machines in your organization.
In addition to standard practices like effective patch management and up-to-date malware protection, it is recommended that IT staff review these devices before they are reconnected to the internal network. This can be done manually or with the implementation of a network access control (NAC) system. This allows your organization to set a baseline that machines must meet before they can connect to your network. These baselines could include ensuring that the machine is patched with the latest critical updates, making sure the firewall is turned on, and that the machine has anti-malware software installed.
The majority of these solutions can be tailored to fit your organization’s specific needs. Managed IT providers can assist companies in putting together a plan to make sure employees’ devices do not put your information and systems at risk.
Gui Cozzi is cybersecurity practice leader at Dean Dorton, a Kentucky CPA accounting firm with an IT security/tech consulting division that offers a comprehensive portfolio of information security services.