Managing Cyber Security As Office Work Resumes

COVID-19 vaccinations are increasing and many organisations have said that they will gradually move employees out of home working and back into the office. However, the future will see more staff splitting time between home and their office

While working from home, your employees may have developed poor cyber security habits and used personal devices to access corporate data. 

Before they return, take the opportunity to remind them about the latest security risks and share with them any updates that have been made to your organisation’s information and data security policies. 

Many organisations are providing training about new workplace rules to help prevent the transmission of COVID-19, but even these resources are vulnerable to cyber-attacks. Cyber criminals are now targeting safety training as a way to spread malware and steal data. Avoid these risks by clearly identifying the training materials and resources you provide and making them available through one online point rather than via email, if possible.

In addition to temperature checks and elevator spacing protocols, employees might be settling into new floors or buildings that have been updated to increase the physical distance between workers and offer “hot desking” or “open desking” where employees from various business units sit together. 

Routine discussions of sensitive information, including HR reviews, internal investigations, highly confidential trading data, material nonpublic information, and earnings projections, will happen, so security teams must consider how best to stagger or separate employees to prevent exposure.

With a return to the office, new hardware like enhanced videoconferencing devices and dedicated terminals must be managed appropriately:-

  • Ensuring inventories of physical hardware are updated to include newly deployed office infrastructure as well as the home office kit provided during the last year is essential. 
  • Deploy oversight controls for collaboration and chat platforms. From a software perspective, collaboration and chat tools like Zoom, Slack, Cisco Webex, and Microsoft Teams have provided the backbone for business communications during the pandemic. These platforms will continue to grow as the core connectors of employees in the hybrid work environment. 
  • Cyber security and compliance teams must observe the regulatory capture, retention, and supervision on these platforms, but should also anticipate the potential data leakage risks from information shared through screen shares, Webcams, chat, file shares, and whiteboards. 

Collectively, cyber security and compliance teams must begin the return-to-office planning process so that when employees arrive, everyone is prepared. Given that updating risk registers, implementing new technology tools, revising policies, and creating new training requires well-aligned, coordinated efforts, now is the time to define and begin executing on these tasks.

Dark ReadIng:      Compliance Week:         Redscan:     Image: Unsplash

You Might Also Read: 

Create A Cybersecurity Compliance Plan With These Seven Tips

 

« Dark Web Drug Dealers Jailed
The Cyber Security Paradigm Is Changing »

Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Attivo Networks

Attivo Networks

Attivo Networks is an award winning provider of deception for in-network threat detection, attack forensic analysis, and continuous threat response.

Menlo Security

Menlo Security

Menlo Security Isolation Platform (MSIP) provides a new layer in the security stack that contains and eliminates all malware, every time.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

Blackthorn Trace

Blackthorn Trace

Blackthorn Trace is one of the UK's first niche Cloud & Cyber Security recruiters, working across the Cyber Security and Cloud landscape to deliver innovative and agile solutions.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Sigma IT

Sigma IT

SIGMA IT is one of the largest IT services organizations in EMEA region providing a full range of solutions and services including cybersecurity, data protection and business continuity.

National CyberWatch Center

National CyberWatch Center

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.