The UK Government is now actively encouraging workers to return to the office. Seen as a move to revive the ‘commuting economy’, it throws up plenty of questions for employers about making their return as Covid-safe as possible within the current guidance. One thing you might not have considered, however, is the impact on technology and cybersecurity. Here are three crucial things you should know as staff begin to head back into work:
1. Re-establish work/life boundaries on devices
Chances are, your staff have been using personal devices to perform work tasks while at home – or vice versa. This probably means that work networks have been accessed from unsecured personal devices, and that personal data and unauthorised applications might also now lie on work devices. Both of these are a significant security issue. Personal devices represent an easy backdoor into business data, and cybercriminals know it. Applications and browser add-ons (even if from an ‘official’ app store) have been known to spy on users’ activities or install malware. The challenge, therefore, is to find a way of sanitising work done on personal devices and re-securing work devices. That probably looks like a process of identifying and fixing device issues, installing patches, removing assets and accesses that staff don’t need to have, malware scanning, and ideally restoring work devices from good backups – something you should start as soon as they bring their devices back into the office.
2. Check before firing up pre-lockdown systems
Another major concern is the reintroduction of systems, services and servers that lay dormant or unattended while everyone worked from home or was furloughed. Any infrastructure that was left offline probably missed vital security patches and updates. Equally, systems that were left running but weren’t monitored may have been compromised by hackers who are waiting for the right time to deploy malware. In either case, before firing anything up you should scan with an antivirus tool and check logging for any evidence of intrusion. Security patches and configurations should be checked across devices, including those that were offline or unattended during the period of working from home.
3. Talk to your teams
Life has changed in lots of ways since the start of lockdown in the UK. The opportunity to return to some kind of normalcy together with a need to be productive and recoup any losses may mean your staff are more vulnerable to human error on their return. That could mean that staff fall victim to phishing attacks more easily than before, for instance, or accidentally leak company data by being out of practice with your security protocols. These errors could be compounded by a natural uncertainty that comes with returning to a workplace that hasn’t been operational for months; staff might not know who to approach if they suspect a problem on their personal devices, for example. Cybercriminals are not immune to the pressures facing employees returning to work – they’re capitalising on it already.
The key here is openness. Make sure your employees are retrained in cybersecurity practices as soon as possible after their return, and promote an open-door culture around technology; make sure that concerns can be raised easily. Phishing tests might be a useful way to establish a new benchmark of how prepared your staff are against cyberthreats.
We’ve been working with UK SMEs to help protect their businesses for years now. The pandemic is an unexpected challenge, but should be handled like any other downtime or potential breach. We can help you recover your IT capabilities and stay secure as your teams return to the workplace. Contact us to find out more.