During this pandemic we have had to deal with the cybersecurity concerns of remote workers. As stay-at-home restrictions are lifted, many operations will open their doors for workers to return.
New efficiencies have been established. We now use our cameras, microphones and headsets as a standard of business communication. We learned about the privacy and security issues that arise from remote working. Many times security took a backseat to getting folks up and running, only to be considered later.
We needed to think about how network resources were being accessed from insecure (home) networks. Data being downloaded through these connections was at risk unless a strong and secure posture was implemented in the infrastructure. Now, as workers return, is the downloaded data left behind on personal devices? Security measures need to be put in place to handle this type of vulnerability.
Chances are some workers will still be part of the remote workforce. IT professionals will face some interesting challenges supporting work-from-home and onsite workers.
Many best practice security considerations were delayed, or simply ignored, during the sudden shift in work environments. If these have still not been addressed, now is the time to catch up.
- Inventory: Some devices and equipment left the organization quickly. Check your inventory and update accordingly. Enlist employees to help track down the devices and equipment.
- Updates and patches: Some equipment may not have left the organization during this time and will be in need of updates. If a system had not been in place to update remote equipment make sure to institute such a plan.
- Personal devices: Mandate that personal devices do not enter the organization and that all company data be removed from them. Ensure that you have encryption in place for all data at rest and in motion.
- Review your organization’s workflows and access to data, software and hardware.
- Scan all devices for malware or unauthorized apps and software.
- Continuous monitoring of your internal network as well as traffic that traverses your Internet connection is important. Reconnecting devices that may have been exposed to malware when used on an unsecured network can reveal hidden dangers.
- As devices return to the workplace, they will likely connect to your wifi automatically. You may want to consider changing the password of your access points.
- Review your remote working implementation. What went well and what needs improvement?
- Implement a security awareness program. COVID-19 phishing scams are prevalent; training users to recognize and report scams is vital to keeping the organization, and its users, safe and secure. Review basic best practices and password security.
- Update your incident response plan. The pandemic has taught us that preparation for uncontrollable incidents is necessary. Although no one could have predicted this sudden shift in environments, we know that an event, large or small, is possible and disruption can be minimized in order to achieve business continuity.