Are you busy finalising plans to bring your employees back to work place after the three-month work-from-home phase?
It’s not simply doing some plug-and-play action to get them back onboard. You need to have a checklist to ensure there are no chinks in cyber security cover.
You need to vet almost all of the devices and the work apps that are installed on them to check for their ‘health’. You need to ‘quarantine’ them just like the States isolated and quarantined all those who enter the States at the borders.
Cyber security experts warn that organisations need to be very careful while re-integrating the devices back in the work environments.
Here is a checklist.
1) Quarantine devices
“Many organisations lost their ability to install or enforce updates for the duration of the stay-at-home order,” Chester Wisniewski, principal research scientist of cyber security solutions firm Sophos, has said.
“Consider implementing a slightly restricted quarantine LAN (local area network) to isolate these devices,” he said.
This needs to be done as IT departments catch up on procedures for checking security of the devices before allowing them into the corporate LAN environment.
A close watch would help the security experts quickly block, disconnect or isolate the devices that act funny.
2) Check integrity of devices
It is also very important to check the integrity of company owned devices as they stayed out of the premises for a long time.
Some of the employees might have allowed their children and other family members to use the devices in the free time.
The IT team should update the Operating System, while doing a full system scan using your endpoint security product.
3) Enumeration of shortfalls
It’s a good occasion to take the feedback of employees on the gaps in IT tools and applications. “Ask users to share what tools they needed to use while away that weren’t accessible or provided by IT. Use this as opportunity to learn where the gaps in your remote work strategy are and be sure to get sensitive data identified and brought back in where it can be protected and controlled,” Chester Wisniewski said.
4) Third party cloud, storage devices
Those who didn’t have access to VPN (virtual private network) access to company files might have used personal cloud services and removable storage devices.
“Organisations need to work toward the elimination of these devices as a whole, as they are difficult to encrypt and easy to lose. Help staff move any documents stored on personal devices or clouds to the officially sanctioned tools,” he said.
5) New policies
It’s a good opportunities for organisations to work on new policies and acquire more security tools to strengthen remote work.
“It will help secure remote work and maybe even cut down on the amount of work travel as we become more accustomed to online meetings,” he said.