As the world begins to open up and return to some semblance of normality, businesses are now in a debate over how to proceed with the return of staff into offices.
Over the last 1.5 years, remote desktop access and cloud technology allowed employees to work from the safety of their own homes, but how does one proceed now that the possibility of returning full-time to the office is back on the cards? Whether your business decides to offer hybrid, remote, or full-time opportunities to your employees, there is one question you should be asking: Are your devices protected?
Have your computers, printers, and other devices remained in the office since the beginning of the pandemic? If so, then it’s time to get your microfibre cloths and air dusters out, because we need to do some serious spring cleaning.
But the cleaning doesn’t stop there. With no one around to maintain your devices, many of them will have updates and patches that are severely overdue. 1.5 years is a long time in the digital world, and old versions of software, applications and operating systems can be easily exploited by cyber attackers. This includes PCs, printers, IP cameras, and Smart TVs! You should also ensure that any endpoint cyber security software (such as anti-virus solutions) are updated and run scans to ensure nothing has wormed its way into your systems or devices while your workers have been absent.
Another important step in the spring-cleaning process is to check the overall health of your devices. Do a complete inventory of the devices that were left in the office and check that each device is working as it should be. You wouldn’t want your employees to return to the office only to find the printer (or worse – the coffee machine) is out of action!
Re-Entry of Devices
It is very likely that some, if not all, of your employees chose to take their work devices home when lockdowns first began. If that’s the case, then I’m afraid you’ve got a big task ahead of you, especially if you do not currently have some form of mobile device/desktop management software installed.
Here are a few steps to make the process of re-introducing your devices as painless as possible:
During the rush to move to remote work last year, you should have created an inventory list so you can track down every computer, laptop, phone, monitor, webcam, desk chair and pen (okay, maybe we can forgive the pens) that was taken from the office. Involve all employees in tracking down equipment and devices to ensure a seamless re-entry into the office.
2. Updates & Patching
Similar to on-premise devices, it’s vitally important that you ensure all devices re-entering the office are adequately patched and updated. Similarly, you should run endpoint detection scans for all personal and corporate devices that will be brought back on to the corporate network.
3. Mandate Password Changes
Having your employees return to the office provides the perfect opportunity to crack down on your cyber security policies. Before workers can access your network and systems, ensure they have updated their user and account passwords. You should also consider enforcing multi-factor authentication (particularly for those with admin privileges) to further protect against cyber attacks.
4. Scan installed apps
In their absence from the office, employees may have installed apps, programs or software that could be a potential vector for malware or other cyber attacks. To ensure network security, scan all computers, laptops, and mobile devices for unauthorised software and either validate or remove them before providing access to your networks.
5. Remind employees of safe cyber security practices and hygiene
There’s a good chance that some employees may have become lax when it comes to appropriate cyber security practices in the workplace. Send out a reminder that includes information about phishing, appropriate website behaviour, unauthorised downloads, and password protection/hygiene.
Alternatively, you can use a service such as Webroot, who offer Security Awareness Training that can be completed online in your employees’ own time.
TIP: PHASE-IN YOUR DEVICES
Imagine this: it’s the first day back in the office and it is complete chaos. Some people are searching for HDMI cords to plug in their monitors, others are connecting to the corporate network before they’ve changed their user passwords, and half of them have probably forgotten to update their operating systems. It’s a recipe for a cyber security disaster!
Instead of overwhelming your IT team and missing important steps in the re-entry process, use a phased approach. Host rolling ‘re-entry days’ where a handful of employees can bring in their devices, setup their workstations, and update their account passwords.
These ‘re-entry days’ will allow your IT team to efficiently check off items in the inventory list, run endpoint scans, and check for patches and unauthorised apps. Plus, you can take the opportunity to explain new policies/procedures and prepare employees for their return into the office.