
Security Think Tank: Reopening is an opportunity to reassess wider security posture

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers?

The “return to the office” has been a talking point throughout much of the pandemic, viewed with a mixture of anticipation and trepidation. But the common thread running through these conversations is that 15 months-plus of remote operations has changed working patterns in the short to medium term – and potentially for ever.

In effect, it is a turning point for the traditional office set-up and a hybrid model, whereby people work partly from home and partly from the office, seems likely to become predominant. This is underpinned by constructive conversations taking place about whether everyone needs to be in the same place at the same time. For many, it is more productive to give up the daily commute and replace it with a monthly meeting or optional weekly sessions in the office.

And there seems little doubt that this once-unthinkable reshaping of working life is made feasible by the changes, operational and cultural, undertaken at the start of lockdown. These enabled entire workforces to keep businesses fully functional while working from home (whether from the bedroom, the kitchen table, or the luxury of an office).

This saw many organisations ship company computers, laptops and mobile devices to employees’ homes. Meanwhile, to enable people to work as securely as possible while away from the office for an extended period, security teams adjusted controls and monitoring to cater for a corporate network that was now predominantly made up of fractured endpoints.

To a good degree, the working-from-home element of the hybrid model has been addressed. The challenges lie in the return.

Immediate security checks

While device management and protection should be the default, after more than a year of irregular working conditions this cannot be taken as a given.

Devices have not been fully contained within the controlled networks of the organisation, resulting in potential misuse and neglect (most probably unintended, but risky nonetheless). Patch management is therefore a priority, as updates may have been missed, leaving equipment, and therefore the network, vulnerable and putting the enterprise at risk.

Endpoint devices should also be scanned for malware once they reappear in the office. Always an unwelcome (if understandable) presence, shadow IT could have crept in unchecked during the prolonged period of people working from home. Discovery tools will be needed to understand the additional risk exposure and attack surface so that CISOs can plan the best way to move forward and bring it under control.

The teams responsible for network telemetry solutions, especially those based on artificial intelligence (AI) pattern recognition, will need to prepare the tools and themselves to handle the revised working schedules. Telemetry “learns” what normal behaviour patterns look like in order to identify anomalous events that are potentially threats to the business – an influx of employees suddenly signing on from shared gateways after months away from the office could trigger false positive alerts.

Also, it is a good chance to review other security-related activity, such as cyber security training. The altered work environment potentially leaves people and organisations more exposed than previously and it is critical that employees are up to date and can take part in face-to-face training where necessary.

Future strategies

As well as these practical tasks, how CISOs now manage security in the changed work environment should be addressed. If it hasn’t yet been undertaken, a re-evaluation of the organisation’s security posture against its risk appetite is a useful exercise. Many security teams will have had to make lockdown-driven allowances and permissions to ensure business units were operational; they now need to consider unpopular roll-back options or look to implement security strategies that bring the risk of those activities back within an accepted range. 

Here it is worth taking into account that keeping employees onside is a core element in CISOs’ maintenance of the all-important “human firewall”.

For example, if using personal devices during the early stage of the pandemic proved popular, CISOs could consider connecting to these through mobile device management (MDM) solutions and increasing detect-and-respond capabilities to protect corporate assets. That way, employees continue with an evolved way of working without putting themselves or their employer at risk.

Of course, in the main, much of this work has been ongoing since the almost overnight move to remote working was forced onto organisations around the world. Alongside this, many security teams and CISOs will have been planning ahead, anticipating full, or at least fuller, offices long before it happens.

Combining past, present and future

The partial move back to corporate offices as lockdowns ease is also a good opportunity for the CISO and security teams to take stock, re-evaluate and revise strategies to ensure security activities are still aligned with business goals and organisational risk appetite, both of which can change. 

These plans need to account for the remote working trends activated in 2020 being here to stay – dynamic monitoring, pattern definition in order to understand “normal” network traffic, and zero-trust philosophy will continue. At the same time, more populated offices could once again become more critical nodes from a network security perspective, offering would-be attackers a known entry point on which to focus their attention.

Overall, the CISOs and their teams need to continue managing a combination of office-based and remote access management solutions to deliver a security model that meets both “old” and “new” world needs. They will not be able to simply operate one or the other. Once a privilege, working from home is now taken as a given in many industries and job functions, and security must be the enabler, not a blocker. 
