One moment we are working and going about our lives in a normal way, and within a few weeks the entire world changed. We are all told to shelter in place, work from home if possible, home school our children and only leave home to buy food and essentials. It sounds like the start of a post-apocalyptic science fiction novel, but of course it’s not, this is our new reality.
These changes happened so suddenly and on such a massive scale that many companies did not have time to implement well thought out or well-equipped work from home plans. For many it was a mad scramble with the mentality of “whatever we can do to make it work.” While we have made it work for over almost two months, now it is time to start thinking about how to bring employees back to the office.
The urgency and threat of a global pandemic forced us to do many things differently than we would have in a normal environment. Cyber security polices/procedures was one area that often got pushed aside in the rush to set up employees remotely.
The FBI reports that Cyberattacks have spiked 400% during the pandemic!
Whether you are planning for employees to return to the office environment, or continuing to have employees work from home for an extended period of time, now is a good time to review your current security policies, ensure you are following them, and decide if new policies should be implemented.
Here are some important steps that will help you maintain a good security posture with returning employees:
- If your employees took office computers home, make sure you do a complete anti-virus/malware scan of those computers before you connect them back to your business network. These computers have been away from the protection of your corporate firewall and other systems and may have been more susceptible. You might consider getting an internal vulnerability scan of your system to identify any existing vulnerabilities.
- Uninstall any non-business software on returning computers. Work computers can sometimes be the only computer in a house. The employee may have children at home who needed a computer for online classes, so the work computer may have done double duty. Before connecting a computer back on your network, make sure to remove any unnecessary software.
- Ensure all Operating System and application patches/updates are installed. One of the key elements to prevent malware on a computer is to keep it patched and updated. Make sure your computers are updated as quickly as possible, especially computers that employees have taken home.
- Enforce good password policies. Many companies put a hold on password expiration polices while employees are working from home. Ensure this policy is re-enabled or implemented as soon as it is feasible.
- Manage remote connections. You probably enabled remote connectivity for all of your employees at the onset of this crisis. If returning employees no longer need that connection, disable it. If employees will continue to use the connection, make sure it is secured with a VPN, strong passwords, and multi-factor authentication if possible. Don’t use Microsoft Remote Desktop by itself without other protection.
- Check to see if any of your corporate credentials have been compromised. Employees have had many things to think about over the last month, cyber security and using strong passwords was probably not at the top of their list. Using a service to run dark web scans on your email domain can show what credentials might be compromised so that you can act before the bad guys do.
Following these important steps will help you maintain or improve your company’s security posture as we work though these challenging times. Let Saville help you ensure the security of your network and your business. We can assist you with everything from dark web credential scanning, internal vulnerability scanning to overall network security. Whatever your needs, Saville Client Technology Services is here to help you.
Contact your Saville Relationship Manager or Saville’s IT Director John Jordan at 214-922-9727 or email johnj@savillecpa.com for assistance.