MSP Summer Security Report Card: Getting Back to ‘Normal’
As vaccination rates increase and the COVID-19 pandemic begins to quiet in some parts of the world, businesses face an entirely new set of challenges: getting back to normal … or whatever the “new” normal might look like for their office environments.
After more than a year of being partially or exclusively remote, offices in many industries have either already reopened or are planning for a return to in-person work later this year. What began in a panicky scramble is ending more gradually and, in some cases, is permanently changed.
Whether it’s to save money on office space or to accommodate the workforce’s new-found appreciate for remote work and flexibility, some aren’t coming back to the office at all, and those who do aren’t necessarily clocking in five days per week. Terms such as “hot desking” and “hoteling” are back in vogue as businesses try to navigate the financial, emotional and productivity-related aspects of post-pandemic workspaces.
At the same time, many employees are opting to work from home part or all the time. Some surveys show that as many as one-third of workers would rather quit their job than work in-person full time.
When employees do return, they’ll be bringing with them company-owned devices that have been running exclusively on home Wi-Fi networks for months, personal devices that have been co-opted for work purposes, and lots of bad security habits that developed when toggling between updating spreadsheets and their third grader’s math homework all day.
Updating Your Security Report Card for the Return to the Office
How can MSPs create a safe and secure re-entry? Here’s a guide to making sure your clients are ready:
- Updated device policies – Caution was thrown to the wind last March, but now it’s time to restore some order. Have your customers decided what their ideal device strategy should be? Is BYOD OK? Should workers be bringing laptops back and forth from the office or have dedicated devices for each? Will workers use shared workstations when they’re on-site or always have a dedicated device? After some intentional thinking, companies should revise and restate their expectations and rules.
- Inventory review – Regardless of each client’s new work modality (fully remote, everyone back, hybrid/flex), they’ll need enough devices to go around. Are they on-site and loaded with the right software? Or is it time to restock and refresh some older computers?
- Collaboration platforms – The pandemic may have quickly ushered in new tools and platforms to allow workers to communicate, share screens and jointly work on files. Once some workers return to the office, those platforms won’t disappear; instead, they will be used far more often within the office network. It’s important to standardize and ensure that these platforms aren’t creating any security risks, and that employees are trained regarding which devices to use them on and what types of information should or shouldn’t be shared using them. Are you prepared to shut down these shadow IT solutions and migrate workers to approved tools?
- Inspecting and updating returning devices – Before everyone plops down at a desk and plugs in an Ethernet cable or logs into the corporate Wi-Fi network, is there a plan to ensure those devices don’t have any viruses, are appropriately patched and are running the latest versions of key software? This critical step is easy to overlook in the excitement and chaos of returning to the office. Staggering re-entry and running these checks as a pre-requisite to return can reduce the risk of someone bringing back any unwelcome stowaways. Using a “quarantine” LAN for these devices until they’re fully checked out is one route to ensure everything is up to snuff.
- Inspecting and updating “abandoned” devices – Many devices may have been gathering dust in the office the past 16 month–especially printers!–and could use a review and refresh of their own. Patches, OS updates, virus scans and the like should be a priority before they get booted up on the network.
- Password updates – Businesses should always be requiring regular password updates, but re-entry is the perfect opportunity to force everyone to do so. All systems should be reset to
- Page 1
- Page 2