Preparing your network and employees for a safe return to the office
With the vaccine rollout continuing and positivity on the horizon due to significant reduction in COVID-19 cases, companies are now planning how to return workers to the office safely. To start, employees will most likely return to a hybrid workplace, one where they rotate in and out of the office, part of the time in the office and work from home the rest of the time.
Securing your network and employees will be critical during transitions. While small businesses may perceive this to be a matter of going back to "business as usual" and resuming normal IT operations, there are a number of complexities brought on by the mass exodus out of office that need to be considered. Just as in the beginning of the pandemic, cyber criminals will almost certainly increase their phishing attempts and other malicious attacks, taking advantage of overlooked network vulnerabilities and resource-thin IT teams. To protect their networks, employees and critical data, companies will need to create plans and introduce new safety protocols to ensure security as employees transition between working from home and in the office.
Secure The Wave of BYOD
Most crucial in bringing the office back to a secure state is ensuring that no systems are overlooked or forgotten. In the hectic rush out of office which marked the beginning of the COVID-19 pandemic, employees have often turned to using their own personal devices to keep business matters running smoothly. This is far from ideal, and the transition back to office, businesses need to ascertain exactly what devices accessed business operations. Many of these devices, often overlooked by both employees not fully cognizant of the risks involved and by overburdened IT departments, may connect to unknown or non-approved apps. In addition, with the return to the office, it is highly likely that these devices have gone back and forth between business networks and more poorly protected home networks.
Assume the Worst to Protect the Future
To manage these risks, planning for a smooth return needs to start with IT. The IT department should take steps to protect the network before any return process may begin. They must take a thorough approach, in which all endpoints are treated as high-risk until proven otherwise. In doing so, the team should also backup any data which is confirmed to be safe and secure. To accomplish this, it will be necessary for teams to review their existing security configurations, and perhaps more importantly, review and update their existing security policies.
The IT team cannot do it all alone. While security policies are important, those policies mean nothing if not enforced and followed by a team of employees which understand the implications of where their data goes and the consequences if it’s compromised. The same is true for vendors, who should always be updated with any policy changes which affect accessing the corporate network.
While it’s always important to keep staff appraised of cyber hygiene best practices, now more than ever it is crucial not only that those connecting to company networks understand the policies in place, but why those policies exist - to keep the network secure from potentially crippling attacks, which are on the rise at all levels of business. By explaining how lax BYOD and connectivity policies open potential attack vectors, and by demonstrating how a well-designed security policy minimizes those threats, firms are more able to ensure compliance, keeping their networks and employees’ critical data secure.
Photo credit: DC Studio/ Shutterstock
Heather Paunet is Senior Vice President of Products & Marketing at Untangle. Untangle is a leading provider of security tools and services for SMBS and distributed enterprises. As such, Heather is particularly attuned to the challenges which small businesses currently face, and is eager to speak to security management options for IT teams seeking to successfully navigate a hybrid or full return to the office.