Returning to the office - Our cybersecurity To-Do List
As the Irish roadmap to ease lockdown restrictions is accelerated and reduced from 5 phases to 4, many organisations will start planning how they can safely reopen offices. As of Monday 8th of June, we entered Phase 2, which states that although more people can return to work, working from home remains the message for those of us who can.
If all goes according to plan, we will enter Phase 4 on Monday the 20th of July, at which point all workplaces can reopen and begin a phased return for employees. As the scale of these accelerated changes was somewhat unexpected, many organisations may find themselves scrambling to be prepared to open offices and meet guidelines for social distancing in just 6 weeks' time.
To try and assist, Secora Consulting has put together a short guide for companies to ensure their accelerated preparations don’t increase the risk of their exposure to a cybersecurity breach.
Secora Consulting’s Cyber Security To-Do List
Our To-Do list comprises 5 steps that provide guidance on what your organisation and IT teams need to be aware of as you prepare to welcome your employees back into the workplace.
As the advice remains that social distancing is adhered to at all times, organisations will need to make changes to the workplace to meet the robust hygiene requirements. While doing this, it is crucial organisations ensure that they maintain some level of physical security when it comes to entering premises. For example, an office which previously had a keycode on a door to gain access may now need to be reviewed unless you can ensure it is included in your cleaning programme.
A simple short-term alternative to this would be to introduce a non-contact greeter who welcomes staff and visitors while maintaining a log of anyone who visits the office each day (another requirement). This vastly reduces the chance of unauthorised people gaining access to your workplace. It also reduces the need for interaction or possible transmission through the use of common items (e.g. keypads), and assists with the contact tracing procedures which all organisations will need to adhere to.
During remote working, we suggested introducing Multi-Factor Authentication policies to reduce your organisation’s exposure to a cybersecurity breach. As staff return to the workplace, we recommend retaining or introducing this policy. Multi-Factor Authentication adds an additional security layer to your infrastructure and will help ensure that only trusted users access your network.
As many organisations closed their office doors and prepared to work from home, there was a sudden rush on providing laptops to allow desktop workers to continue to operate outside of the office.
As employees return to the office, your organisation needs to ensure that all laptops are returned. The best way to do this is to create an asset register or add the laptops to your current asset register. This log will allow you to quickly identify if anything is missing which could result in a data breach. It is also best practice to add any new software programmes to a register and log what types of data they contain and are processing.
If your organisation has loaned or leased laptops and needs to return them once you reopen your office, you need to implement a procedure to first back up all data stored on them onto your office servers and then thoroughly wipe the laptops to ensure no sensitive company or client data is accidentally handed over.
If your organisation had to offer access to some of your systems to allow your staff to operate remotely, these changes should be reviewed. If external access will no longer be required once employees return, a project plan should be put in place to ensure all these access points are closed. A third-party penetration test or vulnerability assessment should be undertaken to ensure all external endpoints are closed and to validate the work undertaken by your security teams.
If you decide to maintain a level of working from home which prevents you from closing off remote access, then we recommend you carry out a thorough review of all ingress points and verify through penetration testing and vulnerability assessments that they do not compromise your cybersecurity posture.
We also recommend documenting lessons learnt from the review and using these findings to update your business continuity plans.
Once you have updated all of your systems appropriately ahead of your employees returning to work, we recommend carrying out a Vulnerability Assessment or Penetration Test to ensure your network is secure. As your IT teams will likely be quite busy when staff return to the office, it would be easier for them to increase the security of your network before the employees return to the office.
How Secora Consulting can help
If you are looking for guidance on how to securely return to the office, or want to understand what vulnerabilities are present in your infrastructure before you welcome staff back, we at Secora Consulting are here to help.
We offer a wide range of services which are tailored to your requirements. We can help you prepare for the worst-case scenario by simulating threats to your organisation via each service line. We can help improve your cybersecurity posture, increasing your resilience to a breach.
Partner with us today. Our experienced consultants will go the extra mile to ensure your organisation stays secure as you return to the workplace.
- Validate security controls
- Receive a prioritised list of your risks based on their exploitability and impact
- Receive expert and effective advice to immediately improve your cybersecurity posture
- Understand how uncovered issues will affect your organisation and operations
- Recover from cyber attacks
Our goal is to improve your cybersecurity posture, providing peace of mind in this ever-evolving threat landscape.
If you have any questions or would like some cybersecurity guidance as you prepare to return to the office, please reach out to us. Our team is available at email@example.com or over the phone on 00353 (0) 1 517 6200.