The circuit breaker in Singapore is almost over. As more employees return to the office in phase 1 of easing back into society, what cybersecurity risks might companies face? When the circuit breaker was implemented, many companies rushed to grant access so that their employees could stay productive, and many employees have been using their personal devices to access work documents. Will this bring about a sudden breach and an increase in viruses in office systems?
According to Chua Bo Si, Technical Program Manager, HackerOne, since office appliances such as printers, wireless devices, and internal servers have all been left dormant, unused, and unmanaged pretty much the whole time during the Covid-19 circuit breaker period, IT and security teams should probably do a version check across all their IT assets and conduct security patching across all of those assets.
It will also be important to make sure that IT teams disable any remote working capabilities or applications if they are not needed any longer (e.g. remote desktop), as those applications only add to the attack surface unnecessarily.
Lastly, Chua said that it wouldn’t hurt to run an anti-malware scan on all machines before introducing them back to the corporate network. “But all in all, I think going back to the office does not directly introduce more vulnerabilities (as opposed to the reverse),” he added.
Tommi Maekilae, Senior Solutions Architect, Synopsys Software Integrity Group, said that the rapid shift of a large portion of employees to a remote setting has forced companies to take shortcuts to give their workers extended remote access and keep up productivity. These shortcuts included reducing security controls, allowing direct access to systems previously only available through a Virtual Private Network (VPN), or simply allowing temporary remote access to partners or customers. Once people return to the office, he warned, such changes should be thoroughly assessed and reversed if not required. This may prove problematic, given that the changes may have been hastily implemented on only parts of the system and not properly documented.
Employees may have found alternate ways of working and used new technologies to overcome shortcomings in their remote work environment. This might include consumer-grade video conferencing, chat and file sharing applications that may not have been previously sanctioned for business use within the company. While such technologies certainly pose a security risk due to inherent vulnerabilities during the WFH period, employees are also likely to bring them back to the office upon their return for continued use.
The problem is not only about people using their own devices and risky applications to handle potentially confidential data, but also about businesses themselves placing too much trust in traditional security mechanisms like anti-virus software, firewalls and VPN solutions, while not having proper vulnerability management and application security practices in place.
Application security and vulnerability management practices sadly often focus on patch management only. Patch management may also have been implemented on the general premise that equipment is physically present at the office and connected to the office network, potentially leaving equipment taken home without important security updates. This leads to a situation where company equipment may have any number of vulnerabilities left undetected and unpatched, and may already have been silently compromised, running malware or carrying backdoors. Such equipment ultimately poses a serious risk when it is returned and connected to the office environment, even if the patches are eventually applied.
At the end of the day, there is no standardised model that organisations could follow to transition back to work-from-office. Different circumstances like government regulations, industry requirements, and people’s opinions can considerably impact the timeframe in which particular offices are reopened. In many cases, businesses will ultimately face a hybrid situation where part of the workforce remains in a work-from-home setting for an extended period of time, while others return to the previously normal office environment. Such a situation will require reconsideration of security practices like endpoint security, data protection, logging and monitoring, vulnerability management (application testing and patching) and authentication mechanisms, so that they support both the people working from home and the people at the office with an equal level of usability and security. Cyber hygiene awareness and communication to employees, so that they understand best practices and potential risks, matter now more than ever.