Thycotic comment: Security risks of returning to work
June 2020 by Joseph Carson, chief security scientist at Thycotic
As businesses in the UK such as PWC start to re-open and phase employees back to normal working life, Joseph Carson, chief security scientist at Thycotic, offers his thoughts on the security risks that organisations must be mindful of when doing so.
Joseph Carson, chief security scientist at Thycotic:
“As lockdown restrictions slowly start to ease, businesses are now faced with how best to manage employees returning to the office, and all the safety and security implications this entails. Re-introducing employees into the workplace will involve a host of new security precautions; it’s essential to put in place measures to mitigate and manage the potential risks so that the corporate network is not overwhelmed with new threats, especially ransomware, which could have significant financial costs.
Organisations will have to consider that systems which have been taken out of the office with limited security controls will need a mandatory security review in place. They need to be certain that corporate-owned devices are free from malicious software.
Cyber criminals that have taken advantage of the massive home working exodus will no doubt be playing the long-term game, using compromised devices at home to get one foot in the door, and when those devices return to the corporate network they will have two feet in the organization’s network, now potentially with remote access and deciding the next malicious action. Remote working has provided the perfect opportunity to plant the cuckoo’s egg of attacks on edge devices, to launch later once workers go back to the physical workplace and connect to the corporate network.
Consider options such as quarantined VLANs so that devices can be thoroughly scanned and checked. Weeks of home use, in which workers have been connecting to games and social networking sites, can leave a trail of cyber risks. Plan for good digital hygiene measures to make sure devices are clean from malware to avoid serious security problems further down the line.”