FINAL WORD
Rick Vanover , Senior Director , Product
Strategy , Veeam ( L ) and Dave Russell , Vice
President , Enterprise Strategy , Veeam
Start by carrying out risk assessments for each employee and each device . Which devices have been patched and regularly maintained ? Computers used for remote working are likely to have confidential company data on them ; where has the company data been saved and under which account ? These checks need to be performed to minimise risk and make sure compliance standards like General Data Protection Regulation ( GDPR ) is being maintained .
Also , check to see if employees have given away passwords to family members using work computers . Did employees change their passwords ? Did they
Improve employees ’ digital hygiene
While employees may have let their proverbial hair down during remote work , they ’ ll need to rededicate themselves to proper digital hygiene . Push them to use separate passwords for home and work devices . And make sure they ’ re using conventions that are complex and hard-to-crack . Bring back regular training to ensure that they ’ ll be able to spot phishing emails and other threats . Set up guidelines for using public Wi-Fi and for downloading materials . As employees return to work , it ’ s up to the administrators to refine IT practices , one by one , to protect against the top threats in the organisation .
Monitor all activities
The best way to spot problems is to set up a system to flag them as they happen . This practice can be applied to workers ’ tools – and behaviours – as they reintegrate themselves with all of the company ’ s applications . Take advantage of monitoring tools that track changes in usage and applications . If an employee makes a change in an application , you ’ ll want to know . It could be a bug altering a piece of code . Or it could be a change that you made – purposefully or inadvertently – that you ’ ll want to reset . Get in the habit of checking your monitoring tools at least a couple of times a day . It takes a minute , but it allows you to continually reassess your cybersecurity footprint .
Cybercriminals are well aware of how insecure employee environments have been .
use the same passwords across work accounts and personal accounts ? Did they install any new software or remove any during the remote work period ? Administrators need to know before they let employees back on their networks .
Next , make sure to scan all relevant devices for unauthorised apps and software . Employees needed to get creative with work solutions , so they may have tapped resources that help them get through everyday tasks but aren ’ t up to security standards . Run endpoint detection scans on all returning devices to uncover any hidden vulnerabilities . Cybercriminals often target endpoints , so IT teams need to scan all corporate and personal employee devices that will be brought back to the network .
Ensure cloud data management and backups are sound
This is a time for IT administrators to make sure all data management and backup services are in good order . If a rogue device does put any data at risk , you ’ ll want to make sure to have backups in service and programmed with practices that will ensure that the data in question is protected and fully available . Keep the so-called ‘ 3-2-1 rule ’ in mind : Make sure to maintain at least three copies of business data , store critical business data on at least two different types of storage media and keep one copy of the backups in an off-site location . To that , in the ransomware era , we ’ d expand 3-2-1 to 3-2-1-1-0 : Adding another one to the rule where one of the media is offline and ensuring that all recoverability solutions have zero errors .
While IT administrators are looking forward to watercooler talk and on-site collaboration as much as anybody else , they ’ re understandably concerned about the cybersecurity implications of a more broad-based return to work . It could be a challenge . But with proper planning and follow-through , enterprises can manage the risk and solidify their strategies for protection going forward . p
76 INTELLIGENTCIO AFRICA www . intelligentcio . com