Business returning to their offices after a long lockdown lay-off should consider the cyber security implications, according to a leader in the field.
Matt Horan from C3IA Solutions is urging companies to carry out checks before getting all their staff back because the risks will have increased.
And it is not only technical things that need checking, but the environmental conditions and physical security too.
Leaving IT kit alone for a long time will create new vulnerabilities and cyber crooks upped their game during the pandemic and are more dangerous than ever.
Furthermore, staff changes during the last 17 months could open the back door to criminals.
Matt, whose business is headquartered in Poole, Dorset, said: “Any hardware that has remained switched off for a long period should be powered up and left for 24 hours before it is used.
“Often hardware will fail in the first few hours of it being started and it is best to check all is well rather than assuming everything will work as it used to.
“All passwords on network-critical devices should be changed; not only is this good practice anyway, but there might have been staff changes within the business.
“Software should be assessed, tested and then patched, and this could take hours or even days because installations can take time.
“New or updated software should be considered to replace out-of-date versions. This might mean a considerable cost, but it is better than suffering a cyber-attack.
“Staff may well need familiarisation, security and awareness training for any new software that has been introduced.
“It is also important to consider the environmental conditions – heat and air conditioning for server rooms should be tested to ensure there are no leaks.
“New staff will not necessarily be familiar with a business’s working practices and security processes so will need to be briefed.
“And it is always important to check the physical security of offices, including alarms and CCTV.
“A physical security sweep should also be undertaken, and staff ought to check their working areas and remove anything that looks suspicious or is unfamiliar.
“Also, any data that people have at home, whether on paper for stored digitally, should be checked and destroyed or brought back to the secure office environment.
“As there were risks with people suddenly working from home, there are risks with workers returning to offices.
“Working practices and business models might well have changed during the last 17 months and this too might add to cyber risks.
“While carrying out checks might be time-consuming and possibly costly, it is far better than being the victim of a cyber-attack.”