Over the course of the last year the global pandemic forced many urgent business decisions. First came the major shift to remote office capabilities – email, document sharing, collaboration and security were a prime focus. Cloud technology made that transition a success story, but a lot of changes are still unfolding and businesses now have new challenges to figure out, especially now that many State Governors are removing or curtailing office occupancy restrictions.
With vaccines making their way throughout the country and lockdown restrictions loosening up, a debate surrounding the office return emerges. Hybrid vs. remote vs. full-time – every scenario is different, as well as the rules and accommodations to make the return safe and productive for all. User systems will be coming back as well, and their absence from the network is something to account for.
Returning to Base
In the vast majority of cases, computers and mobile devices have not been on-premise for close to a year. Ever vigilant from a security perspective, the best way to approach the “repatriation” of these systems onto the office network is to regard them as potentially infected.
At the very least, consider that these devices are not in the same state as when they left.
During this time, the company office extended into the homes of employees, and the line separating home from work was essentially diminished. For example, new applications may have installed or updated, modifications might have occurred and patches and threats have come through. Even with device management in place, the potential for unaccounted change from field devices is significant.
A Smart Re-Entry Is The Way
Consider this both a threat and an opportunity. The first goal is to ensure that workstations have been adequately patched and updated. Devices, security software and applications must be validated and brought up-to-date before actively working on networks hold sensitive, critical data. And the list of tasks continues:
- Review of Wi-Fi configurations – In most cases, open Wi-Fi is a major risk
- Jailbreak or hacked devices – A simple no-go, not-allowed
- Certificate installation – Endpoint certificates should be reviewed and updated as appropriate
- Overall device health – Gather user and machine reports, and consider the device service lifecycle
- Device Compliance –
- Is the device encrypted per the technology policy?
- Is a PIN code or Multi-Factor authentication enforced?
- Is security software installed and up to date?
- Rogue applications – In the wild, various applications can creep into the picture
Another component that has potentially changed: people. Since going remote, employee technology behaviors may have progressively changed and became lax. There is an undeniable human component to company cybersecurity. As much as 90% of data breaches occur due to human error, carelessness, or lack of vigilance. Despite those continuing lessons, businesses are often surprised to find themselves just a click away from the next breach or ransomware disaster that will make them a headline sensation in the wrong way.
Communication is the key to pursuing better outcomes. Renew good cybersecurity practices and hygiene when it comes to potential targets such as email, workflow, mobile access, web behavior and outside applications.
This is also an opportunity for the business to deploy much better comprehensive and compliant security such as mobile management, enforcing password protections, enabling multi-factor authentication, device encryption and a more significant technology principle such as Zero Trust. The enterprise should also seize this opportunity to re-establish and update protections such as advanced anomaly detection, data classification and protection, data loss prevention (DLP) and review the tenancy of data in the cloud and on user workstations.
The modern workplace is framed upon the understanding and expectations that exist between the business and the workers that embody the missions of the business. Technology and cybersecurity make workflows and engagements possible, so it would behoove technology and business leaders alike, to seize this return to the office opportunity to step up their security posture.
Companies today are dealing with a hyper-fluid state of their data. We see it in mobile applications, remote office scenarios, distant facility geolocation, boundless cloud environments, and more. Data moves and then rests. The reality is that it all needs to be protected against threats and risks whether moving or resting.
While this may seem obvious, the very nature of modern applications and information cannot exist without security measures in place. In addition, the competitive and economic landscape mandates that these technological achievements deliver quickly and maintain valued experiences. This is critical to the very nature and desired outcomes of digital business.
Staying ahead of the security curve means always looking around the corner. Get ahead of the business impacts of missing or falling short on security and risks. Leverage security technology that matches your immediate and long-term technology and always look to maintain the business advantages of enabling data wherever it may be. Reimagining cybersecurity around software-based platforms is an important step that can enable a business to be more prepared than ever thought possible.
Cybersecurity decisions and operations should always carry the context of business outcomes. Simplicity and full-spectrum awareness of risks, assets, data, and security threats form the best cybersecurity path possible, but only when the results can be quantified in unison with advantage to the business. Applying technology better is always a business advantage in terms of efficiency, speed to delivery, app experience and, on top of all else, security. Only with the context of business value can leading cybersecurity missions take hold because the outcome is critical to deciding what risks are acceptable and what risks are not. From these decisions, a strategy is born.