Thinking ahead - are there any security oriented steps we should be taking now to prepare for re-opening physical worksites and returning employees?
HI - thanks for your question. Yes, there are steps you can take and now is the time to take them. This is not exhaustive and your organization requirements may vary, but generally this is a good approach.
1) if devices that were used in a telework setting are expected to be used in the office, then a through device and data scan and remediation process is necessary. The last thing you want is malware carried into the office via a telework device. This is best done remotely the night before the device is returning to the office.
2) if you have the resources, you should harvest all the monitoring data you can to determine what kinds of attacks on what systems have occurred and compare that with data pre-COVID telework. Data collected should come from your edge devices, network monitoring, firewalls, etc. Also look closely for any anomalies on protocols and traffic.
3) poll your employees to see how their experiences have been during this time, what challenges have the experience, and what worked well for them. This is not necessarily to determine if you should preserve your telework posture, but to see what opportunities you might have to re-create some of the positive experience back at the office.
4) take the opportunity to review your overall security posture and how flexible it was when shifting to COVID. As business retract from a predominately telework model, they can take some of the lessons learned and implement a more flexible security posture.
5) determine if your current model is sufficient for protecting data. In my opinion, not having an abstracted data protection results first in making the perimeter solely responsible for protecting data. That's like placing airbags on the side of the road instead on in the car. There will be many more frequent injures as a result. And second, it opens the organization to a risk of breach. We've all see the massive breaches resulting from relying on a perimeter model to protect data. If you're open to an abstracted data protection model, then now is the time to start determining your data protection needs, focusing on datasets that drive the business operations, that fall under regulatory compliance, to include country specific regulations.
6) If you do decide to implement a data protection model, and you've conducted a data protection needs analysis, then begin first by deploying the solution to edge devices using your software distribution system. Focus policies on data created, used, and shared in key office applications, databases, and on mobile devices. Then look at internal systems that will be collecting and process that data and protect those based on the organization's data protection strategy.
I'm glad to talk more with you about this to please feel free to contact me.