Managing security post-pandemic: returning to the office

(Image credit: Helloquence / Unsplash)

The current pandemic will reshape the way people work and how organizations do business forever. With a massive increase in remote work, and many businesses managing to do this successfully, employees will expect this flexibility to continue if or when they return to the office.

But with increased flexibility comes increased security risks. As businesses navigate the ‘return to the office’ process, they need to ensure that cyber resilience is at the forefront. The reality is that returning to the office will be just as challenging, and as complex, as switching to permanent remote work.

Therefore, businesses will need to create a comprehensive cyber resilience plan and security audit as they start to get employees back into the physical space. Businesses will need to look at existing threats and threats likely to come later.

Once a solid foundation of cyber resilience has been developed, businesses will then be confident defending against cyber risks when working with a hybrid workforce.

Cybersecurity in the time of coronavirus

Remote work has presented a new world of security challenges. And the pandemic’s impact on the business world will be felt for months to come — even after we go back to ‘business as usual’.

Social engineering campaigns that preyed upon fear over the virus began appearing in late January and have spread as quickly as the illness itself. Since then, the attacks have developed in sophistication. We first saw malicious actors using phishing techniques to pose as trusted organizations (banks, merchants), individuals (co-workers, managers, IT administrators) or healthcare officials. Individuals were tricked into handing over money or sensitive information to these scammers.

Ransomware attacks on critical services and industries also surged — where attackers held something important to ransom. We’ve also seen victims’ stolen and encrypted data sold or auctioned off on the dark web, if they didn’t pay the ransom.

We’ve also seen an increase of over 40 percent in unsecured remote desktop protocol (RDP). This is concerning, as unsecured RDP is a very popular way for criminals to breach the healthcare, education, and government sectors. These targets typically have a lot of computers and not a lot of IT staff or budget, so setting up machines for remote work is a huge productivity boost. However, if this is not done properly, these machines are open to scanning tools that make it easy for criminals to brute-force their way in.

The increase in cyberattacks and ransom amounts has come at a time when the infrastructures of modern civilization are needed most – but have the least amount of time to react, debate paying or negotiate the price. More pressure is on business leaders too, as the pandemic has forced them to take action to cut costs — but cybersecurity is one area that businesses simply cannot afford to shave, and its budgets need to be ringfenced.

The economics here are clear – cybercriminals are not cutting their budgets and are exploiting weaknesses across all segments. And while there will be pressure on businesses and IT teams to get employees better, faster and more secure access into their systems from wherever, this should not come at the expense of security and cyber resilience.

Cybersecurity remains imperative

With the unprecedented shift from office to at-home work, businesses must continue to review their working policies for data protection as well as security and be prepared for a variety of work environments. Rather than being viewed as a box-ticking exercise, data protection should be a key priority, integrated into every aspect of the business. To maintain trust and protect reputations, a multi-layered security strategy is needed, which also incorporates transparency and regular training for all employees.

And for any new or outdated security threat, a cyber resilience plan should be implemented to protect a company’s IT infrastructure and data, regardless of the crisis. When planning, IT looks at how to react in the event of a natural disaster, pandemic, cyber or ransomware attack and even simple human error.

However, it is not a static “set it and forget it” process. It must be refreshed, reviewed and tested quarterly or semi-annually. As the company’s operations or IT infrastructure change, so should the plan. It is a fluid item that’s at the core of keeping business operations functioning regardless of outside elements.

Additionally, today’s IT infrastructure is dynamic because it contains physical, virtual and cloud-based applications and data storage. A “one size fits all” IT approach doesn’t work – nor would a single solution for a cyber resilience plan. A broad approach that matches the need for each application and infrastructure layer is needed to ensure that the plan operates correctly and with the main goal of keeping business operations normal. This layer allows for agility and flexibility to cover the business from front to back with endpoint security and disaster recovery.

Corporations struggling to understand or implement cyber resilience plans should also turn to managed service providers (MSPs), as they have the experience, remote management, existing business IT services, and pricing models to accommodate the current circumstances, which makes this a far less daunting IT task for small-to-medium-sized businesses to deal with.

Overall, organizations should remain vigilant amid the unprecedented shifts between the office and home. With a robust and secure cyber resilience plan in place, businesses can rest assured knowing they are well protected against potential threats.

Tyler Moffitt, Security Analyst, Webroot

Tyler Moffitt is a Senior Threat Research Analyst with Webroot, Inc. He is a key member of the Threat Research team, immersed deep within the world of malware and antimalware. He works directly with malware samples, creating antimalware intelligence and testing in-house tools.