At the start of the pandemic, there was an intense scramble to enable remote work for many in the “laptop class”. For many people, working from home was a welcome change from stressful commutes and a hectic family life. Some people are scrambling to get back to the office, either to escape makeshift dining room desks that compete with family life and chaos or because they crave the social interaction, creative interactions, and other structure that office environments provide. You might be in a hybrid situation, where you are putting in hours both at home and in the office. Either way, you’re back and you’re ready to go.
So is that malware that’s been sitting on your laptop for a while, quietly gathering information, unbeknownst to you. Like you, it’s been out of the office while you worked from home, waiting for the alert that it is no longer on a home network and is now tied into the “mothership” of your office network.
We know you did the best you could. Using a home computer, perhaps shared with other members of your family and without a business-class firewall, made it possible to get work done, but it may have introduced security risk to your work network.
What can you do to help prevent any catastrophes?
Regardless of the industry you work in, you’re a target. Too many small businesses think they’re “under the radar” with respect to security because only the big events make the news. What too many small businesses don’t know is that most threats are indiscriminate, automated attacks. A ransomware attack on a 20-person company could wipe out the company, but it won’t make the headlines. So don’t go back to work thinking that you’re low risk and unlikely to be the problem.
Acceptable Use Policy: What are employees allowed to do on your network? Can personal devices be connected to the company network? Do you have any policies around passwords? Some companies think ahead and put policies and procedures in place, but if yours hasn’t, there are suggested actions to take BEFORE you connect at work. First, scan all devices for vulnerabilities before returning to the network. Once you’ve scanned them, validate that all software is up to date and that there are protective measures in place moving forward. For ongoing protection, ensure that your employees are trained on what they should look for with all emails, clicks, and views that are done on company hardware.
Employee Training: As more and more technology and policy protections are put in place to stop cyber threats, end users often wind up becoming the weakest link. Does everyone in your organization know what two-factor authentication is? Does everyone know what phishing and spear-phishing are? Does everyone know that often there are no obvious signs of a cyber threat when you click on that questionable link (and then falsely assume nothing happened)? The more users know about the various types of threats, the safer your organization will become. An ongoing cybersecurity training program addresses the “human firewall”. Signing up for Ekaru’s cybersecurity training platform with its leaderboard and weekly micro-training is a great way to get users up to speed, but even a short discussion at staff meetings to talk about the latest threats will help increase awareness.
While one approach would be to wipe all machines clean, you can, with professional guidance, return to work safely by taking less dramatic action in a few steps.