After almost four months of lockdown, organisations are preparing to welcome employees back to the office.
You will have taken the necessary steps to protect people’s health, with the likes of social distancing rules and hand sanitiser stations, but have you done the same when it comes to cyber security?
The disruption has had a widespread impact on your employees and your technologies, so you shouldn’t expect business processes to simply go back to normal.
Here’s a checklist of cyber security issues that you must consider as you reopen your doors.
1. Conduct staff awareness training
Before the pandemic, employees were used to certain routines that kept their sensitive information secure.
These will have been informed by policies addressing things such as the safe disposal of confidential data, how to keep physical files secure and what to do with laptops while in public.
However, these rules have been replaced during the pandemic with policies addressing the risks associated with remote working.
As employees return to the office, organisations must remind them of their security obligations in the workplace.
Likewise, staff should be prepared for new threats that are emerging as a result of their return.
Throughout the pandemic, we’ve seen fraudsters capitalising on the ever-evolving situation to trick people with a variety of phishing scams, and we wouldn’t be surprised to see them exploit the shift back to the workplace.
We therefore advise organisations to provide fresh staff awareness training on the threat of phishing.
2. Scan and update employees’ laptops
When lockdown began, many organisations provided employees with laptops so they could work from home during lockdown.
However, those devices might not have received the necessary operating system updates since, leaving them with vulnerabilities that could be exploited.
This could be particularly damaging when those devices reconnect to corporate networks, as criminal hackers could leverage their access across the organisation.
Ideally, organisations should quarantine these devices when employees return to the office, giving the IT team time to scan them and install the necessary patches.
However, this may present logistical challenges, particularly if you don’t have spare devices while those scans are taking place.
One way around this is to stagger your employees’ return to the office, ensuring that you always have a supply of devices.
3. Reboot your inactive infrastructure
Another IT issue relates to the use of office infrastructure that has been sitting dormant while workplaces were closed.
Some organisations may have suspended their office IT functions altogether, resulting in unpatched vulnerabilities or other issues that have arisen from prolonged inactivity.
So before you jump headlong back into the office routine, we recommend testing your systems to ensure they are ready to meet the demands of your workforce.
Still working remotely? Now is the time to review the cyber security risks of working from home >>
4. Evaluate who needs to be in the office
One of the few silver linings of COVID-19 is that organisations are more amenable to remote working.
Many employers were reluctant to let staff work from home, as they suspected they would be less productive without direct supervision. However, the majority have found that they didn’t have anything to worry about.
Meanwhile, employees have come to appreciate the convenience and flexibility that remote working provides and are keen to continue reaping the benefits.
According to an O2 survey, 81% of respondents expect to work from home at least one day a week when their offices reopen, and 33% hope to work from home at least three days a week.
Organisations should use this opportunity to assess their remote work practices, and see which employees are happy to continue working from home on a part- or full-time basis.
On a similar note, you might find that some employees want to return to the office eventually but may be reluctant to do so if they are at increased risk of severe illness from COVID-19.
In these cases, you should make special dispensations, allowing them to return to the premises only when they feel comfortable.
Depending on how many employees face this issue, it may be a good idea to stagger the return of your workforce so that those with health conditions don’t feel like they’re being excluded from the rest of the team.
Get cyber secure with ISO 27001
The steps we’ve outlined here are a great start for organisations preparing for the return to office life, but if you’re serious about strengthening your cyber security, you should follow ISO 27001.
It’s the international standard that sets out the specifications for an ISMS (information security management system), and its best-practice approach to information security helps organisations manage their risks by addressing people, processes and technology.
Our green paper Reduce Your Cyber Risk with ISO 27001 explains how the Standard works, and provides practical advice on getting your implementation project started.
Download this free guide to learn why 25,000 organisations worldwide are already certified to ISO 27001.