Back to the Office: Don't Overlook These 4 Cybersecurity Tips

Despite these efforts, the impact of the COVID-19 outbreak has resulted in 6.3 million workers being furloughed by 800,000 UK firms, totting up to an impressive £8 billion in support by 3 May. By contrast, over 40 million US citizens filed for unemployment due to layoffs. However, with lockdown gradually loosening, and many returning to work in sectors where home working isn’t possible, offices up and down the UK and US are set to get busier again. In the US alone, the labor market improved in May with unemployment rates falling to 13.3%, down from 14.7% in April, as businesses started hiring again.

With so many businesses navigating the transition of coming back to work and many more stuck working from home, what should organizations be doing to keep on top of their cybersecurity? Let’s take a look at the top security tips for getting businesses out of lockdown and back to work.   

Not business as usual 

Many companies will retain remote working even once lockdown has been eased, which means those home endpoints aren’t going anywhere. Antivirus licenses and an appropriate patching strategy needs to be kept in place as before, and many businesses that provided staff with laptops will need to decide whether to maintain that flexibility or not.  

Laptop docks in offices are a good halfway house here, especially for firms that have just invested in new hardware. If you adopt this type of hybrid endpoint strategy, it’s worth bearing in mind that machines in home environments may not have fully updated all products, and some will stop checking in after a while, so push/manual updates may be needed. Home machines may also have seen non-business use during the enforced remote working period, so asking staff if that’s the case, and whether anything else suspicious occurred is a good idea.  

VPN usage surged during lockdown, but as workers return to the office, network access needs to be reviewed to ensure the right solution and security protocols are in place for the business. For those that have an IT company managing its infrastructure, make sure that they undertake a strategy review to ensure your entire network is protected.

Criminals will undoubtedly continue to exploit remote workers with targeted phishing attacks, especially during a period where a staggered return to work is being managed. This approach will create gaps, which criminals will certainly be preparing to take advantage of. The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) jointly advised organizations that of a growing number of cyber criminals and other malicious groups are exploiting the COVID-19 outbreak online for their own personal gain.

Approximately $2.5m dollars (£2m) has already been lost to coronavirus-related fraud in the UK at least and COVID-19 was blamed for a 238% surge in cyberattacks against banks globally, with a marked uptick in financially-motivated attacks when the US confirmed its first case.  

Don’t jump straight back in 

A huge number of furloughed staff will be heading back into the office, raring to catch up on their email backlog. This is a significant potential danger point, as all those phishing and ransomware links are waiting to be clicked. Criminals have been highly active during lockdown, creating new methods to avoid corporate network security – for example, the Google ReCaptcha phishing scheme, so urging caution is essential.   

Similarly, clearing through the backlog of invoices shouldn’t be rushed without due process - bank invoice fraud is still highly popular among criminals.  

Companies should also not allow PCs and devices back onto the network until patching and security updates have been completed. It’s recommended that they go through a quarantine process to avoid infecting the network. This is even more critical if office-based equipment has been used at home.

Plan ahead 

Many businesses were caught out by the pandemic in terms of their infrastructure. Many experienced a huge spike of requests to set up VPNs, as well as a big uptake in endpoint security requests in order to reorganize for remote working. There’ll be many businesses breathing a sigh of relief that they ‘got away with it’ and be charging ahead with business as usual.  

One of the lessons to be learned from the pandemic is that businesses must be flexible, both from a security and broader IT perspective, and the time to consolidate that is now. Whether the US and UK see another lockdown and a second peak shouldn’t be the big motivator here - properly configuring cloud services and remote working protocols for handling data and everyday business processes is essential for modern working. This doesn’t mean spending big but spending smart where necessary, and getting your strategy right. An obvious area to consider is phishing training for your staff. Don’t assume that technology alone will protect you.  

Data audit 

The sudden switch to remote working has the potential to scatter business data across various locations. Although the majority of businesses are aware of GDPR, it’s best practice that those who manage personal data conduct a comprehensive data audit. From hard drives to USBs or personal computers, data needs to be encrypted in line with internal data policies. Failure to comply with this could result in data breaches and hefty fines.