Returning to the Office after COVID-19?
By: Justin Carter
When states issued shelter-in-place orders due to COVID-19, many businesses were in a frenzy to get employees set up to work from home. Most supply channels were inundated with requests for a Laptop, Desktop, or a Webcam. In all of the chaos, many businesses dropped their guard and chose to relax their network security to allow employees to work from home, using their personal computers, phones, and networks to access company infrastructure.
So, what is the risk in that?
Most home users share two common misconceptions about the security of their personal computers or home networks.
- Their home network is too small to be at risk of a cyberattack.
- Their devices are "secure enough" right out of the box.
In reality, how many people want to go home and deal with 2FA (Two-Factor Authentication), or be stopped by their internet router telling them that this site is not safe? People want things to be easy and don’t want to deal with obstruction.
One of my colleagues always says to new prospective clients and reminds current clients.
“Security by its very nature is obstruction.” -JL
So, is your business ready for staff to return to the office after COVID-19?
As you prepare for your staff to come back into the office, here are some questions you should ask yourself to prepare.
- Is your company roster up to date for authorized personnel?
- Is your building security current and updated?
- Do access control systems like FOB's or Badge readers all work?
- Is your office environment ready to house the returning staff? Not just power, water, fire suppression systems, and smoke detectors; but also being able to maintain the recommended return to work standards outlined by your state (keeping six feet apart, hand sanitizer, masks, etc.)?
- Is there a process in place to vet returning staff to ensure they are healthy and COVID-19 free?
- Is social distancing (a new normal) in place for common work areas?
Many businesses recommend a phased approach to returning staff back to the office. Perhaps try to start with the IT Department, followed by HR the following week. Where possible, prioritize departments that support the most critical business processes.
Next, your organization should review any changes in policies and procedures by a mandated work from home environment. Will the changes still apply when the staff returns to the office? Here are some things to consider:
- What plans do you have in place for staff using their personal devices (BYOD) to access company resources?
- Can staff use their personal devices upon returning?
- What do you have in place to ensure local documents on personal devices are stored on the appropriate company resource?
- How will you manage sensitive data that resides on personal devices that were used during the work-from-home period?
- What kind of policy changes need to be made to the companies work-from-home program to align with the new “normal?"
Prepare a phased transition plan to help reduce BYOD. This includes instruction on how to migrate or copy your companies proprietary data back to an approved resource such as a secure file sharing system. This will allow you to make sure you have synced all the documents before deleting the local copy.
When you prepare for the restart phase, it is important to reassess the technology that is in use within the remote operating environment and determine if it should be permanent or not.
Key questions include:
- What kind of technology change is needed to support the transition back to a state of “normalcy?"
- How should your business handle returned technology that was issued for the work-from-home environment?
- Would it make sense for employees to keep the technology at home in the event of a second wave of the pandemic?
- Will the organization continue to support and pay for tools and licenses needed for all employees to access resources remotely such as VPN, collaborative software, Office 365, or mobile applications?
- How will the organization manage the backup and retention of data before sanitizing devices?
Free Quiz: Cyber-Security Confidence Assessment
Organizations face a great deal of uncertainty about when and how they’ll emerge from the COVID-19 crisis. A successful restart of operations needs careful planning and the flexibility to adapt to changing circumstances. The FUSE3 team is standing by to help.