Tamer Odeh, Regional Director at SentinelOne in the Middle East, discusses the preparation CISOs and CIOs should consider to offset security implications that arise from returning workforces from home and back to the office.
While governments and public healthcare specialists are looking into the timing and manner of reopening the economy, at some point in the hopefully not-too-distant future restrictions will be eased and businesses will return to normal operations.
Returning to recently vacated offices will certainly signify a return to normality, and for most, that will be a welcome relief after working from home for an extended period. However, just as the shift to working from home required organisations to adapt and act differently, so will the return to the office.
In this article, we discuss the preparation CISOs and CIOs should consider making to offset several security implications that arise from returning your workforce from home and back to the office.
Making sure returning devices are safe to use
When returning to the office, employees will haul back all the IT equipment they have used at home. Some of this is trivial office equipment like screens, docking stations and cables, but computing devices can be a security blind spot.
Rogue devices: While unknown connected devices always pose a security risk, the return to the office represents an even bigger risk. People could have used all sorts of devices during their time at home, for leisure and convenience. While there, such devices may not pose a serious security risk, but if they are introduced to the corporate network, they could become one.
Do run a scan on your network to identify new, unknown devices.
Home laptops: Some employees working from home may have had to use their own laptops, either because in the rush to vacate offices the IT department might not have had sufficient inventory or just through personal preference.
In such cases, they are likely to bring these laptops with them when they return to the office, plug them into the corporate network and continue to work as they had been doing at home. These devices could potentially be infected with malware if they have not been running updated, corporate-grade EDR solutions.
Do forbid work on personal laptops in the corporate environment whenever possible.
USBs and NAS: Another practice employees may have adopted while working from home is the use of USB thumb drives and network storage devices. Personal storage devices should be prohibited in the corporate environment and not allowed to connect to company computers and networks.
Do enforce device control to block unauthorised USB and other peripheral devices.
Inventory: As many employees took equipment home, it is necessary to register and keep an up-to-date inventory of this equipment and its whereabouts. In the first instance, this makes sense to avoid wasting resources: ensure employees return cables and screens that they have borrowed from the workplace. It is possible that some staff took an extra laptop home and that the device is now stranded somewhere, perhaps even connected to the home network and exposed to the world.
Keeping insecure software off your network
Even if the devices used at home were company-issued, they can still be a threat if they are not installed with updated software and security systems.
Updated OS and software: Unpatched and outdated operating systems can facilitate data breaches. Some employees may have ignored the update prompt or rescheduled these indefinitely. In addition, some computers and servers left on-premise may have been shut down throughout this period.
After restarting these, it is important to install all available software patches and updates. Do make sure that all software is patched on all devices returning to the office as soon as practically possible.
Updated and Active EDR: An updated EDR solution was vital to securing the laptop at home, and it is of course crucial in securing all devices in the work environment. It is not unheard of for some employees to disable security software in order to perform certain actions on their devices.
Do ensure that all your endpoints have an active and up-to-date EDR Solution.
Unregistered software: It is possible that some employees have installed software for their own use, perhaps because they were unable to use company resources or simply because it was more convenient than asking for the approval of the IT department.
Software license inventory: Working from home may have required certain software licenses that are no longer needed when working at the office. For any software that employees no longer need access to, it’s sensible to cancel these licenses to reduce costs.
Preparing processes and procedures
In addition to inspecting devices and ensuring proper software is installed, certain processes and procedures must be implemented in order to facilitate security.
Password reset: It is possible that employees have shared their laptops and credentials with their family or friends. They may have re-used passwords on new services or devices at home or lapsed into other insecure habits. Do ensure that all your employees are aware of company password policy and enforce compliance.
New employees: Some companies have recruited new employees during the COVID-19 outbreak and have onboarded them remotely. Moving into the office will be a new experience for these new hires and they may need an early refresher on training that was not applicable while they were working from home.
Do ensure new hires are up to speed on additional company security policies that are pertinent to working in the office.
Maintain readiness for WFH: At some point in the future, it could be necessary to transition to work from home again, and there’s always the real possibility in the near-to-mid-term future that individual employees could contract the virus and need to self-isolate again.
Therefore, it is prudent to use the lessons learned from the mass transition to work from home in early 2020 and be better prepared to do it again, whether on a small scale or throughout the company. This includes having an up-to-date inventory of all IT equipment, having all company laptops installed with a modern EDR and ensuring that employees have access to company assets via VPN protected by 2fA.
Do formalise the lessons learned from this unprecedented crisis so that they can be used to help your business manage future crises with less pain.
