8 Cybersecurity Tips For Returning To The Office

After setting employees up to work from home over a year ago, now HR and IT departments must work overtime to make sure employees and their tech don’t recklessly come back to the office and spread viruses.

  • What can companies do to avoid putting their systems at risk?
  • What investments are necessary to secure corporate data in the post-pandemic, hybrid workspace world?

Cybersecurity Tips For Returning To The Office

Privacy and Security company Clario is offering 8 cybersecurity tips for returning to the office.

  1. Bring Your Own Device

Develop a ‘bring your own device’ and endpoint protection policy. This entails creating procedures that allow you to check all of the devices that employees used while WFH before connecting them to the corporate office network. Since many companies have allowed staff to use their own devices, this policy must be mandatory if you want to protect your corporate network. It includes standards that must be met by the device of any employee who connects to the corporate network.

Also, work out a list of solutions employees must have installed on their devices in order to verify that they are allowed to use their personal device in the office. This can be the presence of antivirus, restrictions on the installation of certain solutions, the presence of a VPN, etc. For example, we at Clario Tech use F5 VPN, which scans devices for certain vulnerabilities. And it does not allow any Clario person to connect to important corporate systems without passing this verification. If the test is passed, then you can access the corporate network with this trustworthy device.

  2. Implementing Policies And Educating Employees

Implement these policies and educate employees on how to follow them. At the beginning of the pandemic, many companies were too busy trying to survive. It meant many missed a very important step in the process of transferring employees to WFH.

I am talking about training employees on how to use corporate resources in a way that will keep your corporate data safe. But better late than never, because even if you have not done this training yet, you can still offer it to employees when they return to the office or you switch to a hybrid work model.

Conducting knowledge sharing sessions can be part of this. Yes, it might be difficult to organize online as you cannot see employees and how attentively they are listening. However, in order to make sure that employees have correctly absorbed the information, you can test their knowledge in practice. We at Clario Tech did quizzes at Cahoot after every webinar. The person who scored the most correct answers received a great gift.

  3. Creating Technical Controls

Create technical controls to enforce these policies. Your company must have monitoring systems to help identify possible security vulnerabilities. You can arrange checks: for example, send suspicious emails and see whether the employee recognizes them as an example of a phishing attack. Use security awareness tracking platforms. They emulate phishing attacks and help measure how well your employees know how to protect corporate data. They help you understand where the knowledge of your employees is lacking and what you need to focus on in training. I advise you to use these tools.

Also, corporate security training is one of the first onboarding sessions offered to all our new staff. I recommend you do the same. For many newcomers, even the most obvious do's & don'ts are helpful.

  4. Use Awareness Tracking Platforms

Train employees and measure their awareness using awareness tracking platforms. Respond and take the time to educate yourself on issues where you see your employees' knowledge is insufficient.

  5. Create An IT Support Team

Create a process where an employee can always turn to your security specialists for help. For example, each Clario person has access to our IT support team at all times for any technical issue. The team replies within a few minutes and helps our people to figure out the safest course of action. This allows us to minimize the risk that team members will do something unsafe, simply because they have no one to ask for guidance.

  6. Provide A Secure Alternative For Tools Needed For Work

If a person or your business has a need for some kind of tool for work, study how safe this solution is and provide it or the matching secure alternative. Your employee’s request will still be relevant, even if you refuse to provide a tool that they need. And next time, they may not ask you for advice, but simply create an account and share important corporate data in an insecure environment.

Also, if your business used to be very dependent on physical media (for example, your accounting processes required the use of paper documents) and during the pandemic you switched to electronic document management, do not hesitate to question the security of these services. The security of your data is most important when it comes to third parties who will have access to it. And if you choose an unsecured solution and your corporate data gets leaked, that will be your mess to figure out, not the third party you've chosen to work with.

  7. Securing Your Corporate Systems

Remember, your people are not primarily responsible for securing your corporate systems. The responsibility lies, first of all, with you. Since your company first moved from the office to home, and now back or to a hybrid work model, the security settings of your corporate network are constantly changing. Test your systems. Do penetration tests. Constantly measure how vulnerable your security systems are. Test every mechanism for protecting your corporate data.

  8. Have A Disaster Recovery Plan

Prevent possible disaster scenarios before they happen. One of the scenarios of our disaster recovery plan, which we were preparing in advance (the “office unavailable” scenario), was that it would be necessary to switch to WFH for the whole company due to some force majeure situation. It entailed step-by-step instructions on what our people should do if a disaster occurred. For example, it could be a blizzard. And we went through each step on how we would act to make sure that our people could still work during such a disaster. This plan really came in handy when the pandemic hit.

Interestingly, we tested this plan half a year before the start of the pandemic. That’s why, by the time the pandemic began, we knew exactly what to do. It meant the process of switching to remote work was less painful than it could have been in terms of security.

Conclusion

In conclusion, I can say that there will be an increasing number of cyberattacks when employees return to the offices. And it is in the hands of their employers to protect their systems, people and ultimately, their customers. Each employee is a key link in the protection of your company’s sensitive corporate and client information. Invest your time and resources so that your people help you fight cyber threats, rather than becoming the cause of their occurrence.

At MacKeeper and Clario, protecting user data is one of the main components of the corporate social culture of the Clario Tech company. We believe every company that has access to personal data of people should be just as careful and serious about the issue of data protection.

Article By Vlad Bobrovskiy, IT Security Manager, MacKeeper