Managing Cyber Security As Office Work Resumes
COVID-19 vaccinations are increasing and many organisations have said that they will gradually move employees out of home working and back into the office. However, the future will see more staff splitting time between home and their office.
While working from home, your employees may have developed poor cyber security habits and used personal devices to access corporate data.
Before they return, take the opportunity to remind them about the latest security risks and share with them any updates that have been made to your organisation’s information and data security policies.
Many organisations are providing training about new workplace rules to help prevent the transmission of COVID-19, but even these resources are vulnerable to cyber-attacks. Cyber criminals are now targeting safety training as a way to spread malware and steal data. Avoid these risks by clearly identifying the training materials and resources you provide and making them available through one online point rather than via email, if possible.
In addition to temperature checks and elevator spacing protocols, employees might be settling into new floors or buildings that have been updated to increase the physical distance between workers and offer “hot desking” or “open desking” where employees from various business units sit together.
Routine discussions of sensitive information, including HR reviews, internal investigations, highly confidential trading data, material nonpublic information, and earnings projections, will happen, so security teams must consider how best to stagger or separate employees to prevent exposure.
With a return to the office, new hardware like enhanced videoconferencing devices and dedicated terminals must be managed appropriately:-
- Ensuring inventories of physical hardware are updated to include newly deployed office infrastructure as well as the home office kit provided during the last year is essential.
- Deploy oversight controls for collaboration and chat platforms. From a software perspective, collaboration and chat tools like Zoom, Slack, Cisco Webex, and Microsoft Teams have provided the backbone for business communications during the pandemic. These platforms will continue to grow as the core connectors of employees in the hybrid work environment.
- Cyber security and compliance teams must observe the regulatory capture, retention, and supervision on these platforms, but should also anticipate the potential data leakage risks from information shared through screen shares, Webcams, chat, file shares, and whiteboards.
Collectively, cyber security and compliance teams must begin the return-to-office planning process so that when employees arrive, everyone is prepared. Given that updating risk registers, implementing new technology tools, revising policies, and creating new training requires well-aligned, coordinated efforts, now is the time to define and begin executing on these tasks.
Dark ReadIng: Compliance Week: Redscan: Image: Unsplash
You Might Also Read:
Create A Cybersecurity Compliance Plan With These Seven Tips: