Returning to Work? What about PPE for your PC?
(or, as we say, PCPPE!)
By Andy Travers, EVP Sales & Marketing, Exclusive Networks
As we begin the slow return to work and provide our people with PPE (personal protective equipment), instructions on social distancing, and hygiene measures, this blog asks: are we taking the same approach to safeguarding the returning devices that may now be contaminated?
Without testing or obvious symptoms, a whole bunch of computer viruses, malware and other malicious content could have infected laptops and devices from the home Wi-Fi or those personal applications we’ve all been using to pass the time during lockdown.
Being Blind Spot Aware
We rightly concentrate on people protection but many companies, large and small, may overlook the safety and wellbeing of their IT networks and enterprise systems, and the threat posed by returning employees and their personal devices and company-provided work tools and devices.
The security posture of a home network varies greatly, not everyone is tech savvy and trust is often placed in default configurations of home devices such as routers. To compound matters further, home networks are often ‘dirty’ due to the pervasive nature of malicious software on devices that are not adequately protected. This creates a major security concern as people begin to return to work; a potential blind spot that might be overlooked.
Bad Actors Have Been Busy
Personal devices, home laptops and PCs, isolated in the home network, may (on their own) not provide such a huge threat but, once attached to the company network, it could be a different story. Recent data and threat reports have highlighted the huge explosion in this threat vector by the fast move to home working and how the bad actors have exploited this to maximum effect. These guys have likely planted all sorts of dormant and sinister bots and trojans, biding their time waiting for the right moment to execute the intended mission – months or even over a year later.
What to Look Out For
The list below is not exhaustive, but an idea of the tasks and actions we must consider in preparing for the health and wellbeing of our device data, digital assets, applications, services and software.
- Rogue Devices
Scan your networks for unknown devices – you never know – habits are hard to break and users may accidently bring in devices they’ve become comfortable with and assume it’s OK. Maybe issue a note to everyone to prepare them and ban such devices being attached to the network!
- External Drives
Users may have used external thumb drives and devices for storage, etc. Best re-enforce that these are forbidden and deploy device control to block.
- Not Updated OS and Software
Out-of-date operating systems and software could have vulnerabilities ready to be exploited. Similarly, devices left on premises may have been shut down and will be out of scope. Auto-update settings may even have been turned off! As soon as you are able – make sure everything is patched. Now’s the time to check that all endpoint protection is on and up to date.
- Non-Approved Software and Apps
Many users may have installed new apps – Zoom being one of the obvious ones – that may not be approved. We need to check what risks these apps and other software present to the company by some sort of application risk service.
- Password Reset
Now is a good time to refresh and reset passwords, particularly as these may have been shared with loved ones. Existing passwords may also have been used on new sites and services that are unreliable. Enforcement of this is necessary and worthwhile.
- Take Stock
In the rush to react to the impending lockdown – we may have quickly allowed users to disconnect devices and peripherals to take away. So remind them that they were to ‘take away’ not to ‘stay away’. Employ asset tracking and conduct an inventory stock take! Similarly – you may have purchased additional licences like MS Teams, and quickly deployed them to allow users to be productive at home. Do they still need access to this? And if you’ve used a monthly subscription platform, why not cancel these subs and save some money?
What of the Future – the Next Normal?
In the rush to provide the solutions to users, many will have gone for quick fixes and contingencies. A case of optimising what was dynamically provisioned and holding it all together. So what does the ‘Next Normal’ look like? Everything points to a hybrid work-life balance future so consider what that looks like from a provisioning and protection perspective, and perhaps a rethink is needed.