
Security Think Tank: A return to the office is not a return to normal

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers?

Returning to the office makes my feet hurt. For months, I’ve worked solely at home, where I put on slippers in the winter and go barefoot when the weather warms up. By contrast, a day in the office means wearing lace-up dress shoes which, by the end of the day, leave me limping and in pain.

I’m unlikely to be the only one suffering as lockdown eases, office life is resurrected and workers return in large numbers. Pain is going to be felt across entire organisations and infosec teams will feel that burn before the hordes descend, while they are working and long after they have shut down their laptops and left.

Ideally, exactly how an organisation is handling that return (big bang or slow drip) has been communicated widely. Even better if the security function has been involved in the discussions so it can shape that strategy – that might give it time to set its priorities and start the work.

First steps could revolve around the corporate network, where it might be necessary to spin up services and supplier relationships that were mothballed during lockdown.

I’ve had conversations with CISOs who used the hiatus of lockdown to push on with projects on their internal networks – the return could see some significant stress-testing of those changes.

Quite a lot of the pain will be caused by the unapproved endpoints that returning workers are toting. It’s reasonable to assume that some of those devices – phones, tablets or laptops – will harbour malicious code of one sort or another.

A home worker can be a distracted worker – something cyber thieves know well and have capitalised on. Couple this with the informal way people work at home and all the non-work-related sites and services they have visited on that unapproved gadget, or even on their work laptop, and you have a potentially toxic combination.

It’s a time to reinforce or expand network segregation efforts, ramp up incident response, beef up support desks and prime security operations centre (SOC) analysts (if you have them) to look for tell-tale signs of trouble emanating from those visiting endpoints. Assess the readiness of back-up and recovery systems too, as ransomware is rampant right now.

The return is also a great time to remind those returning workers, as gently as possible, about their responsibilities and what counts as safe working. A year or more out of the office will have eroded good habits, produced short-cuts around established controls and over-written practices that were embedded.

That time away will also have instilled some new, and potentially unsafe, patterns of behaviour that might need attention – such as how confidential information was handled at home or whether they reported opening attachments that they should have left alone or clicking links that turned out to be dodgy.

Perhaps the biggest change that infosec teams and CISOs will need to accept is that this hybrid way of working is how it will be from now on. There’s no going back.

The workforces of many large organisations will be forever divided between home and office – a situation that has significant implications for the entire edifice of established policies, practices and technologies that form information security as a profession.

For a start, collaborating across work and home environments will make it far harder to reconcile, protect and maintain the integrity of the information that teams collaborate to produce. That demand becomes particularly pressing for those key assets, the crown jewels, on which organisations base their business.

And that’s perhaps where the real pain will come in. There are a lot of tactical steps that can help cope with the sudden return of workers, but long-term there are significant strategic changes that CISOs and their staff will have to work out and implement. And that means walking a path that, right now, is pretty new to everyone. There’s no time to put your feet up.

Mark Ward is a senior analyst with the ISF Research team. He joined the ISF in January 2020 after more than 20 years in journalism. He wrote about technology, science and cyber security for a variety of publications, including the BBC, New Scientist and the Daily Telegraph.

Since joining the ISF, Ward has worked on various topics, including cyber insurance, legal and regulatory implications for information security and open source software. He has also authored a briefing paper, Becoming a Next-Generation CISO, and most recently co-wrote Threat Horizon 2023, which forecasts threats that may materialise in the next two to three years.
