Business Technology Insights

Reopening Offices Reveal Cybersecurity Gaps and Risks

Written by Cybersecurity and Compliance | May 17, 2021

Offices are beginning to reopen, many to full capacity, but moving as fast as most organizations want is opening significant IT related risks.

As the CDC continues to loosen up societal restrictions on the public, company office spaces have come back to life.  Getting “back to normal” is in full swing and IT departments are feeling the pain.

 

First, we have the challenge of applying general maintenance and updates to idle technology that has been sitting, untouched, for over a year in the office.  Ignoring this undertaking will lead to systems with known vulnerabilities being active on your network.

 

 

Next, we have the pesky issue of all the hardware that did leave the office and is now returning.  For many IT departments, employees were either given admin rights and generally unprotected for the last year or are returning to the domain with a need for a month’s worth of updates.  Either way, systems operating in your business have been on residential networks that are generally perceived as being far less secure.  In addition, most enterprise monitoring tools don’t have visibility to the endpoint when off the network.

 

Lastly, it wouldn’t take a psychic to see what the hackers are going to take advantage of.  When everyone went remote, they attacked remote connections.  When school restarted, they attacked ISDs.  When SolarWinds was hacked, they sat quietly in other networks for nine months.  Now, we should expect that some employees are going to walk back into the office with an infected laptop.

 

Moral of the story? Anticipating security threats and vulnerabilities, and putting in place policies and protections that both minimize disruption and risks, is crucial to pivoting quickly—no matter the situation. Advocate to your management and leadership an ideology that every business needs four things to stay safe from inevitable threats:

  1. A clean copy of data (data protection with verified backups)
  2. Proactive threat hunters (24x7 SOCaaS)
  3. Visibility into security gaps (security scanning)
  4. Cyber insurance policy

Remember, the threat landscape is always evolving and shifting. Tactics that IT teams once accounted for are now child's play to bad actors. The gauge of adequate cybersecurity protection is ever-changing. Make sure you have all the technology pieces in place and accounted for.