In previous posts we have discussed the cyber risks businesses faced as staff moved to a home-working model. While it's not clear yet when, or in some cases if, staff will be moving back to their offices, it's worth considering what risks should organisations be cognizant of ahead of this next shift in working practices.
The spread of corporate data
Businesses have made efforts to secure home workers, but it is no secret that exceptions have been made; organisations have quite rightly relaxed corporate restrictions around things such as the use of personal IT, and the movement of corporate data, recognising that exceptions to policies are preferable to a paralysed workforce. The clearest example of the consequences of this necessary relaxing of controls will be found in the spread of confidential data, and businesses will now need to agree how this data is brought back onto corporate systems.
It is inevitable that data will have spread beyond corporate remits. Personal email accounts, file sharing applications and even instant messaging clients are likely to have been used. This presents two challenges; firstly, repatriating data - getting this data back under corporate control as the return to work progresses, and secondly dealing with the issues this data may bring back in the form of malicious code in files.
Repatriating data
For staff that have not taken the opportunity to migrate data back proactively prior to a return to the office, organisations may well find their users unable to access materials that were generated outside of the corporate perimeter while working from home. Organisations may need to consider amnesty periods; timeboxed periods where platforms typically blocked within the organisation are opened to allow the retrieval of data to work devices.
Careful messaging will be needed around this activity; if restrictions are going to be restored in the future, staff need to be alerted to the time the access will be available, and the reasons for this temporary permission to access sites that are typically blocked for data protection purposes. Staff must be made aware; this temporary access is a period for data retrieval, not permission to maintain data on external systems.
Managing potential malware outbreaks
While data is returning to the corporate network, businesses will also need to be ready for a potential increase in security incidents. All potential controls should be in place to protect user endpoints as well as any data flowing in via web connections, but it is likely that some malicious documents and files will still arrive; anti-virus software is not a panacea. Teams will need to be ready to deal with malware outbreaks as staff return, and organisations may wish to factor this into their resourcing plans, particularly where some staff may have been furloughed.
Ensuring staffing meets demand
Factoring in both the likelihood of malware incidents and support calls, IT and cyber security teams need to ensure teams are ready and staffed to deal with these first weeks post-distancing. Businesses that adjusted team numbers to account for drops in support calls during the distancing will need to review resourcing carefully ahead of the return to offices if quality of service and appropriate levels of security are to be maintained.
Embrace new strategies
The COVID-19 pandemic brought around huge changes in the way we work, and potentially will work for the future. Many organisations are looking to return to normal, but questions remain about what a 'new normal' will look like.
The opportunity for remote and flexible working, as well as a new way of delivering services is now more viable than ever. We recommend that organisations challenge the return to the old normal and embrace new strategies.
Remotely managing cyber security incidents, collecting forensic information at a distance and managing cyber security risks have all continued during the crisis and should continue afterwards.
MDR Cyber have worked with a number of organisations in areas such as team planning and structuring as well as incident management and response. If your organisation needs any support in these areas, our team of consultants and investigators are here to help you keep your business secure. You can also learn more about our thoughts on Remote Incident Response here.