It may be a bit too early to know when the workforces around the world will return to office. However, as governments begin lifting emergency orders, company leaders have started exploring measures that will protect their workforces when they return. Many of these measures revolve around health and safety of the individuals, but one must also acknowledge the importance of safeguarding the devices being used by the workforces during the lockdown.
The new work-from-home world has poked countless holes in security perimeters. When the lockdown was announced, many organizations had to provide remote access to data in a hurry, which may have unknowingly compromised the security. Cybercriminals have been taking advantage of the situation and there has been a surge in cyberattacks during last three months. Many of the devices being used by your employees would have been exposed to such cyberattacks and imagine the threat to your cybersecurity when these devices will be connected back to organization’s internal network!
3 Work From Home (WFH) habits posing severe threat to cybersecurity:
- One device for multiple purposes– There has been a mix of work and play while using the office devices, be it laptop or smartphone. E.g. Video conferencing apps are being used for business as well as personal calls to connect with friends/family. In addition, several personnel would have downloaded personal applications such as online sessions of teenage child, gaming, music etc. Such devices are more prone to get infected.
- “Remind me tomorrow”- Many of the employees would have got used to hitting the “Remind me tomorrow” button for security patches or latest software upgrades. Such practices weaken the defence against cyberattacks.
- Zero backups- People were used to taking constant back-ups on office server while they were in office but WFH would have changed this habit leading to zero backups.
The threat actors have already exploited and are still exploiting the fear coupled with confusion around the coronavirus outbreak to launch sophisticated cyberattacks. The “return to work” phase is going to provide them yet another opportunity to launch cyberattacks. Thus, the company leaders, especially those responsible for IT infrastructure, should also prioritize organization’s preparedness for this event by bolstering its cybersecurity.
Here are some of the recommended steps to ensure smooth transition:
- Re-define cybersecurity policies in order to cover the modern risks/threats
- Scan all returning devices for vulnerabilities before they are connected to office network to avoid the spread of digital germs (if any)
- Update all applications and systems so that latest security patches are in place
- Educate employees on cybersecurity so that they get rid of the risky habits adapted during work from home
- Opt for cyber insurance, but do not consider it to be a substitute for cybersecurity
While ‘the new normal’ regarding work from home is being practiced around the world, some office-bound reflexes may have relaxed which can provide an opportunity to cyber criminals to breach into the organizations network. Thus, regardless of when you decide to call your workforce back to office, and whether it’s all of the employees or just a few of them, you have to plan the return process carefully. The health of your employees must be the top priority while planning, but you must also give due importance to the cybersecurity aspect.