The COVID-19 pandemic forced most organizations to alter standard workflows to ensure continuity of operations—work-from-home wasn’t common practice before the pandemic. While businesses prioritized equipping and rapidly deploying a remote workforce and normalizing operations, few have plans for remote workers (and their multiple devices) returning to the workplace.
Agio’s engineers weigh in with cybersecurity recommendations for you to consider in preparation for your workforce’s return to the office.
Preparing Your Environment
- Physical Security: Review and update physical access systems (i.e., proximity card systems, video monitoring, and other vital security routines). Audit and synchronize physical access tokens with current workforce status to ensure tokens have been revoked from staff no longer with your organization. Make sure physical access privileges are appropriate for each individual’s current roles and responsibilities.
- Vulnerability Scans: Internal and external vulnerability scans assist in identifying security gaps in infrastructure devices and reintroducing devices to the network.
- Patching: It’s necessary to look at OS and application patching of infrastructure devices, servers, and workstations still on the network so you can address existing vulnerabilities before workers return to the office. While internal patching presents the risk of disrupting access to systems and data used by remote workers, it’s vital to complete before their return to the office. If patching now is still too risky, devise a plan to test and implement in phases, on off-hours, or during periods of lowest utilization. At a minimum, know where your vulnerabilities exist, and prioritize patch implementation as operations transition back to normal.
- : Your partners need to access internal systems for maintenance—touch base to see what they require and get it scheduled. Monitor their activity on your network, and preferably, terminate their access upon completion wherever feasible.
- Monitoring: Review monitoring capabilities and functions. Ensure you’re able to detect potential rogue devices, malware, and other malicious activities that returning remote workers may introduce.
- Network Segmentation: This may be old-school, but it works. Don’t make it easy for bad actors to move laterally within your environment. Protect your critical and sensitive systems and data by segregating them in protected network segments and limit the flow of traffic between those segments to only that which is necessary for business purposes.
Decontaminating Remote Workers & Their Devices
- Reimage/Replace:Reimaging or replacing workstations may be a sure-fire way to ensure systems are clean and safe for introduction to the corporate network, but everything is lost—personal data and programs are gone. The reimaging or redeployment workload and resulting helpdesk requests can overwhelm your IT operation. Consider a healthy mix of reimaging and quarantining to allow for a smooth transition back into the office.
- Quarantine: Social distancing works for systems too. Treat returning machines as though they are infected and place them into segmented networks while retaining a secure connection to access corporate resources. You’ll need time to ensure systems are patched, encrypted, and have an Endpoint Detection & Response (EDR) solution before reintegrating into the corporate network.
- Password Resets: Your employees most likely have used identical passwords on new services or devices at home, and probably lapsed into other less-than-secure habits related to access credentials. Be sure to reset credentials and ensure multifactor authentication (MFA) is in place for access to critical systems, applications, and data.
- Patching (Again): You likely weren’t able to effectively patch all of your remote workers’ devices, and it’s unlikely they did it either. Your organization may have made the conscious decision to forego patching to ensure continued service for all of your remote workers. Either way, you now need to install all user device OS and application patches before allowing the devices back on your network.
- Device Encryption: Ensure returning devices (especially mobile devices) are configured with full disk encryption to minimize data leakage potential.
- Endpoint Detection & Response (EDR): An EDR solution is necessary for securing systems inside and outside of the corporate network. When employees can’t immediately access something they need in order to work, they find ways to circumvent or disable security software. You may have even had to do this for them to enable functionality while they’re working remotely. Make sure you return all EDR settings to your corporate standard immediately upon a device’s return to the network. Consider MFA for all SaaS, mobile, and cloud applications.
- Data Migration: To be honest, your users probably didn’t heed your data migration policy, and they’ve stored stuff locally on their corporate (and personal) devices. You need to migrate that data to where it belongs, and you need to make sure it’s clean and free of malicious content or malware before you put it on your network. Plan for this, understand the likely volume of work you’ll be dealing with, and staff accordingly.
- Personal Devices: Employees may have had to use their laptops or other personal devices while working from home. These devices don’t meet corporate security standards and could be contaminated with malware. The best approach here is not to allow these devices back onto the corporate network. If you must, segregate them to a highly protected network segment, and only long enough to facilitate data migration.
- Unapproved Software: Just like with data, your users may have installed unauthorized software. Inventory software installed on all permitted devices and uninstall it as appropriate to avoid licensing issues.
- Returning Equipment to the Office:Don’t forget about the logistics of getting all of your employees’ multiple monitors and stationary workstations back into the office. You don’t want anyone lugging that stuff through Midtown. Plan for this transition to minimize delays, disruption, or equipment damage.
- Equipment Reintegration: Account for the time and effort required to reinstall equipment as it returns. Stage returns in accordance with your capacity to complete reintegration.
- New Employees: Any employees onboarded remotely during COVID-19 will have a unique experience moving into the office, and they may need a refresher on training that was not applicable while they were working from home.
- Incident Response Protocols: You’re most vulnerable during times of transition and change, and you should expect bad actors to capitalize on this opportunity. Ensure employees are aware of incident response protocols when presented with something suspicious. Make sure there’s a way for employees to get in contact with the IT team quickly and consider a short refresher training as employees return.
- Business Continuity Planning (BCP): Did your BCP cover a pandemic-driven remote work policy? Using what you’ve learned, run a COVID-19-based incident response. Gather your response team, executives, and leaders to run simulations that explore the unexpected operational realities you encountered.
We encourage you to deliberately plan your organization’s return to operational normalcy. Start planning now, so you’re ready to execute when the time comes. As you work through this checklist, know that Agio Healthcare’s team of cybersecurity engineers are always here to help. Please don’t hesitate to contact us.