The good news is that eventually the pandemic will end and people will return to their normal duties, likely with some in-office and some virtual work. After spending months working from home, many of us are anxious to go back to the office, at least on a regular basis, to meet with colleagues and experience the social interactions that we have so missed lately.
During the early stages of the pandemic, we observed an uptick in cybersecurity incidents related to remote work. Did your organization do any of the following?
- Give laptops or other devices to employees to take home
- Give open remote access to employees
- Start utilizing new software programs
- Give users local administrative rights
Any of these, as simple as they seem, opens your team members, devices, and network up to vulnerabilities, especially if newly installed software is potentially malicious in some way.
Implementing a comprehensive plan for your organization before employees return is of the utmost importance. The risk appetite (the risk that an organization is willing to accept) will be different for every organization. An accounting firm may not have the same risk appetite as a hospital, for example. The basic checks will remain the same for most organizations, however.
- How will you ensure that devices that were used in homes for months are not compromised and will not be leveraged by threat actors to spread as soon as they are connected to your internal networks? This would be a worst-case scenario. An organization may have many technical controls in place to prevent incidents within its network, but it can be difficult to account for the wild card of laptops and other devices that have been at other locations being introduced back into the environment.
- What software was installed by the employee and what other devices have been on the same home network 24/7 for the past few months?
- How will you assess the risk related to how the device was used in the household or the level of exposure to unsecured devices?
We know that once threat actors gain access to a system, they can sit idle for days, weeks, or even months before launching a cyber attack. Some of them are certainly waiting for the right opportunity to strike. Unfortunately, this opportunity may come when the user brings the infected laptop or other device back and reconnects to your network, allowing the threat actor to propagate and infect many more laptops and/or devices in your organization.
Beyond standard practices such as effective patch management and up-to-date anti-malware, we also recommend doing a thorough review of these devices before they are connected back to the internal network. This can be done manually or by implementing a Network Access Control (NAC) system. This would allow your organization to set a baseline that laptops and devices must meet before they can connect to your network. These baselines could include ensuring that the laptop or device is patched with the latest critical updates, that the firewall is turned on, and that the laptop or device has anti-malware software installed.
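The baseline checks described above, expressed as a posture evaluation that could be applied before a returning laptop is admitted to the internal network. This is an added example, not code from the article or from any NAC product; the thresholds, approved-software list, field names and device records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumed thresholds and allow-list: the article names the checks, not the values.
MAX_PATCH_AGE_DAYS = 30
MAX_SIGNATURE_AGE_DAYS = 7
APPROVED_SOFTWARE = {"office-suite", "vpn-client", "edr-agent"}

@dataclass
class Posture:  # hypothetical posture report collected from a returning device
    hostname: str
    last_critical_patch: date
    firewall_enabled: bool
    antimalware_installed: bool
    signatures_updated: Optional[date]
    user_is_local_admin: bool = False
    installed_software: set = field(default_factory=set)

def evaluate(p: Posture, today: date):
    """Return (decision, reasons); any failed baseline check quarantines the device."""
    failed, review = [], []
    if (today - p.last_critical_patch).days > MAX_PATCH_AGE_DAYS:
        failed.append("critical patches out of date")
    if not p.firewall_enabled:
        failed.append("host firewall disabled")
    if not p.antimalware_installed:
        failed.append("no anti-malware installed")
    elif p.signatures_updated is None or (today - p.signatures_updated).days > MAX_SIGNATURE_AGE_DAYS:
        failed.append("anti-malware signatures stale")
    # Remote-work risk factors from the article: flag for a human, do not auto-admit.
    if p.user_is_local_admin:
        review.append("user holds local admin rights")
    unknown = sorted(p.installed_software - APPROVED_SOFTWARE)
    if unknown:
        review.append("unapproved software: " + ", ".join(unknown))
    if failed:
        return "quarantine", failed + review
    return ("manual-review", review) if review else ("admit", [])

TODAY = date(2021, 6, 1)  # constructed sample data below
FLEET = [
    Posture("lt-001", date(2021, 5, 20), True, True, date(2021, 5, 30), False, {"vpn-client", "edr-agent"}),
    Posture("lt-002", date(2021, 1, 15), False, True, date(2021, 2, 1), True, {"vpn-client", "torrent-client"}),
    Posture("lt-003", date(2021, 5, 25), True, True, date(2021, 5, 31), True, {"office-suite"}),
]

def triage(fleet, today=TODAY):
    return {p.hostname: evaluate(p, today) for p in fleet}
```

Calling `triage(FLEET)` returns one decision per hostname with the reasons behind it, so quarantined devices can be remediated before they reconnect.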
The majority of these solutions are highly customizable and can be tailored to fit your organization’s specific needs. Dean Dorton’s cybersecurity experts can assist you in putting a plan together, so risk is minimized and laptops and other devices do not put your information and systems at risk.
Gui Cozzi
Cybersecurity Associate Director
gcozzi@ddaftech.com • 859.425.7649