New security holes open as employees return to the office
When COVID hit, many organizations made a quick, tactical decision to move employees from corporate offices to their homes. Initially, the technology focus was to ensure that these individuals had the tools needed to complete their work as if they were still in the workplace. Those who normally worked from a desktop were issued laptops so they could work from home.
As workers slowly stream back into the office, organizations cannot be sure that deserted desktops will be secure when workers return. Thus, processes supporting the return to work need to be developed.
Convenient but Not Safe
Many of the tools embraced for off-site work weren’t originally designed for enterprise-level use. Or they’ve been deemed safe as long as users maintain them with updates and patches. Especially while normal security protocols are disrupted due to COVID-induced new ways of working, hackers have been quick to exploit every open opportunity.
In June, for instance, researchers discovered vulnerabilities with Zoom. Similar issues were discovered with Slack, an IM-ing staple among distributed workers, in April and August. And the list builds from there.
Closing up the Holes
Zoom and Slack issued patches that fixed the problems with their systems, but they are only effective if users install them. Missing updates or a skipped patch can leave a door wide open for intruders to access data and slow productivity across the entire company.
The shift to a predominantly work-for-home culture disrupted the typical update process for office desktops, so corporations, and perhaps even more so, employees, need to adjust.
When employees were in the office, updates were installed when they turned on their systems. Since many have not been remote for months, a backlog now exists.
IT pushed out the changes, but because no one turned on the dormant desktops or initiated installation and performed the required restart, they were not installed. Also, returning employees may take shortcuts and turn off updates because they slow other applications. Or they delay installing updates altogether.
So how do you safeguard corporate information knowing that some employees will skip the critical step of updating their desktop upon returning to work?
The burden may need to shift to IT staff to check desktops before staff return on site, even if it’s just for a day. All this requires keeping IT informed of when staff will be working onsite so they can ensure that updates are made to the dormant desktop and the system is secure. Only then will a company know that long-dormant desktop systems are secure and not a conduit for cyberattack.
# # # #
Denis Savage, VP of Operations at NFINIT, is responsible for operational support across the company’s entire IT space and leads cloud, disaster recovery, and network practices.