Strict security vetting and network segmentation procedures are as important as pandemic measures when WFH return with their office devices.

Five months later, the world is slowly shifting some of the WFH back to the office, albeit with strict social distancing and preventive measures.

Despite the advisories and checklists supplied by the authorities on how to go about the process of returning staff to the workplace on rotation or at staggered hours, businesses have their own unique workspace and workflow considerations. How best can administrators reintegrate employees and business partners into the physical premises with safety and health as a top priority?

The CybersecAsia team had the opportunity to tap the brain of a chief security scientist, Joseph Carson of privileged-access management firm Thycotic, for some answers.

CybersecAsia:As lockdown and work-from-home measures start to ease around the region, what are some potential security risks for organizations?

Carson: The security risks that many organizations should be concerned about when employees start returning to the office is what malicious malware will be hiding inside their laptops waiting to laterally move onto the corporate network and providing attackers with remote access—or even ransomware waiting to strike when more devices get infected. It is important that devices are scanned for malicious software before they get reconnected back to the corporate network.

CybersecAsia: What should C-levels be aware of, as they re-integrate employees back into the workplace?

Carson: The biggest priority should always be the health and safety of employees. As organizations re-introduce employees it should be done in a phased approach and contact tracing should be made possible. C-levels should also be aware that reintroducing employees also means reintroducing devices that have been exposed to the wild internet and potentially could be infected, so it is also important to scan devices for malicious software.

CybersecAsia: How serious are the security risks of compromised devices reconnecting to the corporate network? How different are these risks compared to employees connecting remotely during the COVID-19 lockdown?
Carson: The risks are serious as attackers will likely be using employee devices as mules to gain access to the corporate network. These risks differ significantly from accessing through a VPN as most traffic is monitored and secured even though when connecting directly to the corporate network they tend to have access to all devices. It is important to segment devices until they are thoroughly scanned and clean before allowing them full network access.
CybersecAsia: How do we ensure that corporate and BYO devices are clean before they can be cleared to reconnect to the corporate network?
Carson:  Bring-your-own devices (BYOD) should never connect directly to the same network as managed devices. They should always remain segmented and security should be focused on identity and privileged access management so organizations do not really need to worry about the device itself. For organizations that allow data on BYOD then they should of course use a mobile device management solution so they have some control and security.
CybersecAsia: Thank you, Joseph. Your previous contribution on holistic WFH tips to CybersecAsia will come in handy for people who are still doing WFH. Readers can also pick up other useful insights on post-WFH matters here and here.