Reverse Migration: Information Security Issues When Returning Employees to Offices

After the outbreak of the pandemic and the self-isolation regime, the business faced a problem in the form of the need to ensure the information security of remote employees. Indeed, the security perimeter is shifting a lot, at first corporate data goes beyond this perimeter, so many companies took great risks. Careless behavior of the employee and all the valuable data went to the cybercriminals.

But over time, everything worked out – the business adapted to the new conditions, and the information security departments of different companies at the very least learned how to protect the outer perimeter. But now the situation is reversed – more and more companies are returning employees to their offices, there is no more self-isolation, which means that it is necessary to return the protection boundaries again, modify information security systems and solve many problems. Under the cut, let’s talk about these tasks and how to solve them.

The main task is to put in order the measures to protect corporate information in the offices. The fact is that about half of employees working remotely do not pay attention to safety rules. According to Tessian, there are a lot of such employees – over 52%. With them, you need to carry out systematic preparatory work, as well as solve other problems.

Corporate equipment and upgrades

There are companies that, almost immediately after the onset of quarantine and the introduction of a self-isolation regime, provided their employees with corporate equipment with customized tools for remote protection. The most prepared companies have developed a system for remote updating of such equipment, with the installation of the latest updates / software patches.

But the overwhelming majority of companies that issued laptops or desktops to their remote employees did not have time / could / did not want (emphasize the necessary) to deploy such a centralized update system. And if earlier this was done by a system administrator who was in the office, then at home his current user is responsible for corporate equipment. The sysadmin will not go to homes.

The software has not been updated for many months, because at home, if a remote control system is not configured, users themselves will not do anything. Well, upon returning to the offices, the information security departments will have to conduct a large-scale inspection of the returned equipment with further update / modernization. Failure to do so could put your company’s network at serious risk.

Games and personal apps on corporate PCs

The second problem is related to the first. Not only does corporate equipment remain without updates, but some employees also install personal applications on it, use personal services.

If the company has carried out the necessary work in advance to install the control software on corporate equipment, this problem can be avoided. If not, as, most likely, it was, then the threat becomes more than real.

As soon as a laptop infected with unknown malware is connected to the company’s internal network, the latter can be compromised in a matter of minutes. Therefore, the information security department should also conduct a large-scale check for the presence of information threats.

One laptop, many users

In addition to installing games and personal applications, the problem may be access of family members of an employee to his corporate equipment. This is especially true if there is no laptop or stationary PC at home, but there are children or any other curious household members.

In this case, a solution is found quickly – a new account is created with which secondary users go online, download applications and games, surf on social networks. All this can be implemented from the main account, the protection of which is simply disabled in the worst case.

In many cases, the password and login of the employee becomes the property of grateful household members who do not at all seek to store the received data as the apple of their eye.

Accordingly, the information security department must proceed from the assumption that all accounts of the returned equipment have been compromised. This means the need to replace these old accounts with new ones.

I’m with my

An additional major problem is the use of personal equipment by employees in the course of performing corporate tasks. It may well be that someone did not use a laptop issued at work at all (not a familiar tool, it works slowly, etc.), but worked with a personal one.

These are not necessarily laptops, employees can use flash drives, other external drives, smartphones and much more to connect to the corporate network and work with these companies.

Accordingly, after the return of employees to the offices, it is worth scanning the corporate network for new devices – it is quite possible that one of the employees took their personal equipment to the company. Just because I’m used to it, it’s more convenient. The danger of this approach is not understood by all employees.

Changing the perimeter of protection

This has already been said above, but it is still worth repeating. It is imperative for the company to start monitoring the equipment that was previously out of the office. After laptops, desktops, smartphones and other devices return to offices, you need to perform more frequent and thorough perimeter checks than before.

Thus, you can quickly eliminate emerging threats and gradually bring everything back to square one. Network Security Experts recommend, for example, carry out an inventory of all systems within the company that can be connected to from the Internet.

It is also advisable to study the event logs from corporate devices of users who have been outside the protection perimeter. In this case, you can quickly identify the problem and prevent compromise of the corporate network.

Not all will return

Nowadays, not many companies are returning their entire state to the office. Some make compromises, and invite only those employees who are extremely important to the work of the company and who are indispensable in the office to return. Or they organize shift work with rotation of those who work from home and those who work in the office.

But in this case, you need to continue to control not only the inner perimeter, but also the outer one. It is also necessary to ensure security for remote workers, periodically check the company’s equipment that is out of the office, and conduct information training among remote workers.

The situation in this case becomes a little more complicated, since both the internal corporate network and the external one need to be protected. Going back two years will not work – after all, many employees liked working from home. So, only 9% of those who went to work remotely want to return and work only in the office. 35% want to stay outside the walls of the company, working from home, and another 56% would like to spend part of the working week at home, and part – to work from the office.

Accordingly, information security departments need to plan their further work so that the new reality does not interfere with the work of the company, but, on the contrary, makes it possible to obtain certain advantages.

What about Zyxel?

In the recently presented update of the centralized network management system Zyxel nebula, several important security updates have been included:

• Added support for firewalls USG FLEX…
• The modern concept of integrated security Zero Trust has been implemented.

More specifically:

• Introduced two-factor authentication based on Google Authenticator – verifies the authenticity of users accessing the network through remote workplaces and personal mobile devices.
• Zyxel Secure Wi-Fi – Provides the ability to create a transparent access point that can be configured to replicate the SSID of your office and automatically create an encrypted tunnel, providing unhindered access to your corporate network. This simplifies deployment while maintaining a high level of control over the security of remote workplaces.
• Collaborative Threat Detection and Response (CDR) has been added – USG FLEX firewalls detect a threat on any of the connected clients and then automatically respond to them by holding the device at the edge of your network (access point).