Returning to the office: 10 cybersecurity steps you must take first

David Fleming, Chief Technology Officer at Mitigo gives his 10 top tips to help firms avoid a cyber incident and reduce the risk of a breach when returning to the office.

Share this post

David Fleming, Chief Technology Officer at Mitigo gives his 10 top tips to help firms avoid a cyber incident and reduce the risk of a breach when returning to the office.

The move to remote working caused a spike in firms falling victim to damaging cyberattacks, including ransomware and email account takeover. I now fear, as staff start to return to the office, that even bigger issues may lie ahead of firms.

The things which would keep me awake at night are (i) malicious software being introduced back into the office by ‘dirty’ devices, (ii) security protection failing, leaving known vulnerabilities, (iii) data being lost or compromised in the move and, (iv) staff bringing digital behavior into the office that is inappropriate and dangerous.

If you are worried about this too, please carefully read this top 10 priority checklist:

  1. Staff cybersecurity refresher training should be issued prior to office return and browser controls should be reviewed/tightened.
  2. Work laptops, computers, and drives (including USBs) should have a full anti-virus scan before returning.
  3. Work mobile phones, laptops and computers should be brought up to the latest O/S versions.
  4. Once reconnected to the secure network, ensure that anti-virus software has updated and is reconnected to its central control.
  5. Personal computers and phones should only be connected to a properly separated guest Wi-Fi.
  6. Automated software and OS updates processes need to be reviewed and re-enabled as necessary.
  7. Remote connection software and ports should be removed, retained by exception only.
  8. Personal data and confidential information must be consolidated to follow existing company policy. Checking for temporary use of cloud collaboration platforms.
  9. Back-up configuration needs to be reviewed to ensure it is working effectively and securely.
  10. Local and external firewall configuration should be checked, ensuring alerting is directed appropriately.

There is of course more to do, but if you do this top 10 well, it will dramatically reduce your risk. If you do not understand any of the above, please contact us.

CYBER SECURITY UPDATES

Sign up for the latest advice and information about keeping your business cyber secure.

Share this post