As we write this, we have managed to flatten the curve, socially distance ourselves and lockdown restrictions are continuing to ease in some states. But is it the time to celebrate?
As staff begin to return to the office, we now find ourselves faced with a new world, and a new way of doing things.
This new world is one where understanding the balance between working from home and the office is one that is a necessity for any business plan. COVID-19 has been a shock, an extreme event that the majority of us were not prepared for. For some of our clients with whom we had proactive business conversations, and implemented systems that would be conducive to working from home, their experience was a significantly smaller impact to day to day operations. For others, the focus was on select users only and as a result there was an almost frantic conversion of current systems so as to allow users to work from home. March and April were incredibly busy as a result, but together, we got there.
When the pandemic escalated, it became necessary overnight for staff to self-isolate and work from home wherever possible. Because of the limited and unexpected timeframe, the transition required many business leaders to bend, break or ignore their previously clearly defined security measures. Whilst this was a logical decision to make, the result now, as we move back to the office, is a number of previously unconsidered security risks.
We need to review all the short-term security Band-Aids, and focus on the future. We may also need to review each respective business’ ability to embrace Working From Home with the viewpoint of this being achieved as an inclusive part of business security; this is the topic of a future blog (stay tuned).
For now, let’s consider the things that need to be done immediately. Let us be clear, we are not talking about legal requirements, i.e. ensuring safe workspace distances, we’re talking about the technical necessities we need to consider.
Four key considerations ahead of a return to the office:
- Virus/Malware Scanning of their computers. Organisations whose staff simply unplugged their desktops and took them home, found themselves operating outside of the usual firewalls and implemented protection measures. This meant relying on the antivirus/antimalware (AV) on a computer alone as the prime line of defence. As you know, good security involves implementing a layered approach, where we build layers of security around the data, content and users protection.
In effect, these layers were removed, increasing risk and vulnerability. As these PCs return to the office, you need to run a full AV scan over the machine to ensure that the staff member’s child i.e. “little jimmy” hasn’t accidentally been to a website and installed something that would be troublesome for the office, like some Potentially Unwanted Applications (PUA)s. Normally, these PUAs would be blocked at the firewall level and depending on your AV it might not be possible to block during installation. Scan for them anyway and clean up as required.
- Disable remote access for those users who do not need it. Consider who will continue to need remote access and who will not. The reasoning behind this is simply to mitigate risks in case they have used the same password for work and personal accounts. Yes, you would hope that people are savvy enough not to these days but just in case… please do it!
- Windows Patching. In some sites, computers only patch when they are within the confines of an office environment. If your computers work on this basis then you need to ensure that you get the Service Desk to force update it as quickly as possible upon return to ensure that any potential exploits are sorted. Most of our clients on managed agreements have had no break in their patch cycle. We use remote management tools to ensure they get patched, regardless of their place in the world.
- Plan for the next time they need to work from home. If this experience has taught us anything, it is that preparation is key, and part of that is enabling seamless WFH experiences. But that is going to be the subject of a future blog post, so keep an eye out for it!
In Australia, we have pretty much knocked this pandemic down to zero. But we know it won’t’ last and we know it’s not been beaten for good, so we need to think about what next and how will we handle it better next time. Be safe!
If you need help organising and executing your return to the office plan, contact Correct Solutions. We will talk you through your options and how you can address this in the right manner for your business.