As COVID-19 restrictions start to ease in Australia, many companies are now looking at slowly transitioning staff back to the office.
While remote working has been enjoyed by many during the pandemic, it has also, unfortunately, brought a spike in cybercrime. According to PwC’s 2021 Global Digital Trust Insights survey, the months between April and June 2020 saw a 65 percent increase in cybersecurity incidents.
Now that staff are slowly returning to the office, we need to look beyond the social distancing rules and our hand sanitiser stations, and consider precautions are in place to protect employees and company data.
Here are five tips to consider when transitioning staff back to the office:
1. Cybersecurity awareness training
While working from home, your employees may have developed poor cybersecurity habits, used personal devices to access corporate data, and have been the target of a plethora of online scams hitting inboxes.
Before they return to the office, take the opportunity to educate (or re-educate) your staff on how to recognize threats and act with caution.
2. Vulnerability management
Changing from a work-from-home environment (WFH) to work-from-office (WFO) environment means that new systems may have been added to the network. Organisations should ensure that these new systems are added to the regular vulnerability scanning schedule, and penetration tested by cybersecurity experts.
Patch posture should also be anaylsed as this is something that can be easily forgotten.
3. Access control
For those organisations that have migrated systems online to help with remote access, these systems should be assessed for security health through configuration review, scanning, and penetration testing.
4. Multi-factor authentication
With over 300 million fraudulent sign-in attempts targeting Microsoft cloud services every day, Microsoft’s Alex Weinert, states that enabling a multi-factor authentication (MFA) solution blocks 99.9% of these unauthorized log-in attempts, even if hackers have a copy of a user’s current password. If you didn’t get a chance to set-up MFA, now is a good time.
It’s also a good time to request staff to reset passwords as they return to the office.
5. Allow only trusted USBs and peripheral devices
The sudden pivot to working from home has challenged the way organisations keep company information in a centralized and secure repository. As such, employees may be using “workarounds” such as saving company data on unsecure USBs or external hard drives.
Untrusted removable devices are one of the primary vectors used to deliver malware to systems.
Only allow authorized devices to connect to your company-owned devices. Also, ensure systems are in place where copies of files are not permitted to be saved elsewhere and must remain in your company's approved systems – either company cloud repositories (for e.g. OneDrive) or document management systems, such as SharePoint or iManage. File sharing methods must also be secure and traceable by IT.
If you would like more information about Huon IT's Cybersecurity services, please click here. If you need any help addressing these issues within your business, please don’t hesitate to contact us or call 1300 HUON SD.