How to manage IT security post-pandemic: Returning to the office.

The time has come for some of us to start returning to the office, and we think it’s about time to stop living in our joggers and start wearing real clothes again. Whilst most businesses will have put in the appropriate measures to keep the workplace clean, and employees safe, are the same precautions being executed to keep your computers and IT systems safe?

A YouGov survey showed that 1 in 5 people, went from never working from home to doing so in the past year. With lockdown restrictions easing, we are starting to see an influx of employees returning to the office which creates the possibilities of cyberattacks and data breaches. A study by IBM found that 95% of cybersecurity breaches are caused by employee error. This includes lost or stolen devices and accidentally downloading malicious software.

95% of cybersecurity breaches are caused by employee error.

Cyberattacks and data breaches are detrimental to all businesses, however small businesses who are less likely to be prepared for this threat can receive devastating consequences. A Symantec Internet Security Threat Report revealed that 60% of targeted attacks were aimed at SMEs. FSB report that the annual cost of such attacks has been estimated to cost £4.5 billion within the UK, and IBM has reported that small organisations – ones with 500 or fewer employees, can spend up to an average of $7.68 million per incident.

There are several preventative steps, businesses can take to help keep your company's data secure and improve overall IT security. We have produced a user-friendly checklist on what to look out for and key steps to help you protect your IT system when employees return to the office.

  1. Provide training and guidance to all employees
  2. Perform health checks and sanitise all devices
  3. Monitor and report suspicious activity
  4. Identify and Access management
  5. Seek support

Image of employees receiving IT security training

Provide training and guidance to all employees

First and foremost, as stated above, most data breaches are caused by employee error, and therefore ensuring your employees have the appropriate training and guidance will help significantly reduce the risk of cyberattacks and data breaches in your business.

Ideally, all employees will have previous training on proper cybersecurity before they start working from home, however poor cybersecurity habits may have been formed putting your business at risk. Thoughtless tasks such as using personal devices to access company data and using company devices to access personal data and non-company related websites are all ways employees can regularly open the company to potential cyberattacks.

Before all employees return to the office, ensure that appropriate training, guidance, and rules have been offered to all employees. Make clear how official communications will be received to avoid potential phishing email threats.

3-1

Perform health checks and sanitise devices

Before allowing employees to reconnect to the main company network, assess the health of all devices and screen them for threats. We recommend conducting a vulnerability assessment which includes looking at items such as if all applications, software, and antivirus is up-to-date and regularly updated strong passwords have been set.

Download The IT Security Assessment Checklist

The IAM specialised surveyed UK workers, and 58% admitted to being more likely to try and bypass a company’s security measures when working from home. This portrays how imperative it is for companies to check all devices for unapproved software and perform health checks.

In the meantime, you can instruct employees to connect their devices to a guest network or a temporary network, until a full health check has been carried out on each device. All personal devices should only ever be allowed to connect to a guest network and never the company network.

4-1

Controls and Monitoring for suspicious behaviour 

Having controls in place to monitor and reporting suspicious activity is important. Ensuring that those who act as admins have appropriate access, and all employees have a means of reporting potentially suspicious activity.

Using anomalous behaviour detection tools such as SIEM or EDR will help you easily recognise and report suspicious activities. These will reveal behaviours such as misuse of VPNs, employees trying to access data that they shouldn’t be, and access changes.

Encouraging your employees to report suspicious activity can help reduce the impact of threats, especially in phishing email attacks that get sent to multiple users at the company.

Identify and access management

Identify and Access management

Reports suggest that the average SME under 100 employees has at least 22 business applications. This rises significantly with mid-market and enterprises where on average they run from 460 to over 750 applications. This hugely increases the likelihood of compromised usernames and passwords, allowing cyber-criminals to gain access to corporate applications.

With so many applications, both SAAS-based and on-premises, there is a need to provide secure, seamless centrally managed authentication, taking away the risk of users managing weak static passwords.

Image of people pointing at a laptop

Seek Support

As a small or medium business, you may not have the resources or the knowledge to fully ensure that your company is fully protected and secure. Therefore, seeking help from managed IT services could be crucial to your business.

At AZTech, we have considerable experience with assisting clients to prepare for remote working, and their journeys back into the office space. Alongside this, we offer full security services to ensure your business is protected from cyber-attacks.

We currently offer a free It Security Assessment which will analyse how secure your organisation is, discovering any vulnerabilities and areas for improvements. Or you can download the 90-step checklist and perform the assessment internally.

Book Your Free Security Assessment

 

How To Manage IT Security Post Pandemic_Returning To The Office-2

 
Related content

related posts

How to manage IT security post-pandemic: Continuing to work from home securely

The BBC reported that 74% of firms surveyed by the Institute of Directors plan on maintaining remote working. With ...

13 Top Cyber Security Awareness Training Topics You Should Cover

Understanding the effectiveness of security awareness training topics is important to help employees understand and ...

9 Top Email Security Best Practices For Employees in 2024

In 2024, email has become increasingly crucial to business success, and organisations must adhere to a more robust set ...