There’s no doubt coronavirus (COVID-19) is dramatically affecting the way we work, both now and almost certainly in the long term. Pre-pandemic, most people commuted to a physical office or location. Then, in what seemed like the blink of an eye, state and national guidelines on social distancing left many companies scrambling to put remote work capabilities in place.
For organizations with an effective cyber security disaster recovery and business continuity plan, this was likely a smooth transition to remote operations. For those companies without a plan, it resulted in a lot of headaches and unnecessary cyber security risk exposure.
While the future of physical offices versus remote work remains uncertain, organizations will likely bring at least part of their staff back into a physical office at some point, and it may be sooner rather than later, depending on the state. If this is the case, one thing is clear: you’ll need a plan. In this blog, I’ll discuss office cyber security and COVID-19 and the steps you should take to ensure this transition happens smoothly without compromising your network.
There are two distinct IT and security issues that require advance planning before bringing people back into the office. The first is determining what to do with computers or devices that have been sitting unused in your office and haven’t had the latest patches from Microsoft or any other manufacturer applied. The second issue is how to handle devices that workers bring back into the office. These devices could have been connected to multiple networks, used by multiple family members, and potentially have new software downloaded since the last time they were on your network. Both scenarios mean your organization could be exposed to unknown vulnerabilities.
Unless you’re running a full endpoint management solution (such as Office 365 E5 or Microsoft Intune) that forces users to run updates before rejoining the office network and accessing resources, you’re going to be facing a challenge.
Steps to Take
Here are several steps you can take to make the transition smooth when employees return.
1. Physically check all equipment and devices
A hands-on approach is a simple and straightforward strategy, but also very labor intensive. This strategy works no matter how mature your patch and vulnerability management program is. It also provides a way to engage with each person who returns to the office to help them with any technical issues they may have had during the shutdown. Having enough people to do this would be a limiting factor. One way around that is to have workers return in phases, which you may already be considering for physical safety and security concerns.
Develop checklists for consistency and to make sure all of the appropriate patches are installed and virus scans are completed. You could also use this time to inventory systems and software on the network, or give any refresher training, both of which are good steps to take as part of any good cyber security program.
2. Segment users until in compliance
The simplest and most logical approach is to segment returning users from the network. This approach creates a “holding” VLAN that all machines are moved into until they can have patches installed and a proper virus scan done to be sure they’re in compliance with all company security policies. Block access to all organizational resources except websites required to retrieve patches and updated virus signatures.
Once a computer has the required patches installed, it can be migrated back to its original VLAN. This method means your organization needs to have good network mapping and correct network diagrams. You may need to update your network architecture and develop clearing procedures for each returning workstation and user. To avoid any misunderstandings or confusion, make sure to give workers advance notice of any restrictions you plan to place on access upon their return.
This method is great if you have any laptops or other devices that have been compromised. Any machines that attempt to access a command and control server can be identified and remediated before doing any further damage.
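The clearing procedure from step 2, sketched as an added example that is not part of the original post: it keeps a machine in the holding VLAN until its patch, signature and scan checks pass, and lists holding-VLAN machines that tried to reach anything other than the update sources. The VLAN ID, policy thresholds, allowlist domains, device names and firewall log format are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

HOLDING_VLAN = 999                      # assumed ID of the holding VLAN
MAX_PATCH_AGE = timedelta(days=30)      # assumed policy thresholds
MAX_SIGNATURE_AGE = timedelta(days=2)
# Assumed allowlist: the only destinations reachable from the holding VLAN.
UPDATE_ALLOWLIST = {"patches.example", "av-signatures.example"}

def clearing_decision(device, today):
    """Return (vlan, failures); the original VLAN only if every check passes."""
    failures = []
    if today - device["last_patched"] > MAX_PATCH_AGE:
        failures.append("patches out of date")
    if today - device["av_signatures"] > MAX_SIGNATURE_AGE:
        failures.append("virus signatures out of date")
    if device["last_full_scan"] < device["returned_on"]:
        failures.append("no full virus scan since return")
    return (HOLDING_VLAN if failures else device["original_vlan"]), failures

def suspicious_hosts(firewall_log):
    """Map each holding-VLAN device to the off-allowlist destinations it tried."""
    hits = {}
    for line in firewall_log:
        fields = dict(f.split("=", 1) for f in line.split())
        if int(fields["vlan"]) == HOLDING_VLAN and fields["dst"] not in UPDATE_ALLOWLIST:
            hits.setdefault(fields["src"], []).append(fields["dst"])
    return hits

# Constructed sample data (not from the original post).
TODAY = date(2020, 6, 15)
DEVICES = {
    "LAPTOP-014": {"original_vlan": 20, "returned_on": date(2020, 6, 15),
                   "last_patched": date(2020, 6, 15), "av_signatures": date(2020, 6, 15),
                   "last_full_scan": date(2020, 6, 15)},
    "LAPTOP-022": {"original_vlan": 30, "returned_on": date(2020, 6, 15),
                   "last_patched": date(2020, 3, 10), "av_signatures": date(2020, 3, 12),
                   "last_full_scan": date(2020, 3, 1)},
}
FIREWALL_LOG = [
    "src=LAPTOP-014 vlan=999 dst=patches.example action=allow",
    "src=LAPTOP-022 vlan=999 dst=av-signatures.example action=allow",
    "src=LAPTOP-022 vlan=999 dst=unknown-host.example action=deny",
    "src=DESKTOP-003 vlan=20 dst=intranet.example action=allow",
]

if __name__ == "__main__":
    for name, dev in DEVICES.items():
        print(name, clearing_decision(dev, TODAY))
    print(suspicious_hosts(FIREWALL_LOG))
```

A machine that shows up in the second result is a candidate for investigation before it is released, even if its patch and scan checks pass.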
3. Use automated tools to validate compliance
As mentioned earlier, there are automated tools you can use to remotely assess and patch systems as needed. But, unless you already have these tools in place, this will not be an option for you. If you do have these capabilities in place, make sure that these extend to your remote workers. If not, you will need to take one of the above steps to get those users’ machines into compliance.
Preparing for the Future of Office Cyber Security and COVID-19
We’ve all heard the reports that are predicting a second round of COVID-19 hitting later this year or maybe sooner, or continued outbreaks around the country and globe throughout the remainder of the year and into next year. Given that all organizations had to dust off their disaster recovery plans – if they had them – now would be a good time to schedule a debriefing to capture the lessons learned so far from the initial impact of this global pandemic. It would also be a great time to modify your disaster recovery and continuity of operations plans and shore up the shortfalls in your plans.
While you’re developing an initial debrief, here are some questions you can ask your remote employees to figure out what needs to be added, changed, or deleted from your plans.
- How long did it take you to transition to working effectively as a remote employee?
- When working remotely, is the way you work impacted significantly?
- Do you know who to call if you have a technical issue? Are those calls or emails answered promptly?
- Are lines of communications to your supervisors, co-workers, and subordinates open?
- Are there any tasks that you’re unable to do from home? How could we fix this going forward with technical solutions or changes to our existing processes?
- Was your home Internet access adequate to conduct work as you were accustomed?
- Did you have to take any office equipment home to do your work?
- Are you doing any company work on any personal equipment (laptop, home computer, printer, computer monitor, etc.)?
- What technology or equipment makes working at home easier?
- What technology or equipment do you miss most from the office?
- If you could add one thing to your home office, what would it be?
- Are you able to access all required network resources?
- Was it difficult to set up your home office for work tasks?
- Did you know what equipment you needed to set up for work from home?
When it comes to office cyber security and COVID-19, the bottom line is, even if you plan to have just a portion of your employees come back to your physical office or location, you need to start planning for that in advance. Delta Risk can work with you and your team to help with the planning aspects or technical requirements. We also offer remote pen testing and vulnerability assessments.