With many businesses looking to bring their employees back to the office, careful planning is extremely necessary, not only for the health and well-being of their employees but also for the cybersecurity of companies.
Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, speaks to Việt Nam News about this and more.
Many businesses have already reopened their office while others are planning to do so. What do we need to keep in mind to ensure a safe and efficient return for employees and the company?
As many countries have transitioned to the new normal and started to recover after a long period of lockdowns, sooner or later most organisations will have to consider their post-pandemic work routine. I believe that careful planning is extremely necessary, not only for the health and well-being of your employees but also for the cybersecurity of the company.
According to our ‘Securing the Future of Work’ research, about 74 per cent of respondents said they want more flexible and comfortable working conditions. While many employees are eager to get back into the office, some remain hesitant for various reasons: safety concerns, emotional challenges, loss of flexibility, etc. Therefore, it is essential that companies create a return-to-office environment that employees want to join.
Besides, in the first half of 2021, there were a total of 113.4 million brute-force attacks against users of Kaspersky solutions in Southeast Asia with Microsoft’s RDP installed on their desktops, mostly targeting remote workers.
It is likely that we will see similar attempts by hackers when employees begin to return to work. Although it was great to learn that we have the option of returning to office post-pandemic, we should not rush into anything. Having a good transitional plan and recognising the challenges will enable a smoother transition back to the office environment.
What are the cybersecurity challenges for businesses in the process of returning to office? How should they prepare for it?
Aside from many health safety challenges, there will also be cybersecurity challenges during this time. As we have been working from home, a range of new devices such as personal computers, tablets and mobile phones were connected to company data and accounts. Moreover, the process of transferring files from home to work computers can serve as opportunities for hackers and pose a risk to a company’s data and security systems.
In my opinion, the post-pandemic planning stage is an opportunity to review how your IT demands have changed over the past months and how this remote set-up will change after your employees return to the office.
The first step in returning to normal is to assess and document where your data is. Updating internal systems is a must during the early stages of returning to office. With everyone returning and connecting their laptops to the corporate network at once, just one unpatched domain controller can provide broad access to employee data.
Another thing to keep in mind is that whether your workforce is returning to office or travelling, keeping work-from-home cybersecurity workarounds with additional protection measures such as security checks, adding or expanding VPN access and offering dedicated awareness training will ensure their safe return to on-site work.
The company’s IT team apart, what should other employees pay attention to for protecting themselves and company data against cyberattacks?
The switch back from personal to work computers or other devices poses multiple challenges. When you are ready to return to the office full-time, make sure that all the company’s data you have downloaded on your personal devices is deleted to minimise the threat of leaking the company’s data. During the pandemic there has been a wave of phishing emails that used your curiosity to get you to download malicious attachments and give up personal details.
As people return to their offices, fraudsters can take advantage of this opportunity to trick curious users. My advice is that you should be aware of emails that try to create a sense of urgency, and never click attachments or follow links in unexpected emails before verifying the sender.
Also, ensure all your accounts are protected with a strong password and avoid sending them over email or text. It is important to remember that secure passwords are one of the most necessary keys to protect companies’ devices, systems and data.
What are your employees’ expectations for the future of work? How can we adopt new ways of working while also ensuring the safety of business’ data?
As we are near the end of the second year of the pandemic, I believe now is a good time to re-evaluate the best working conditions for employees. According to a recent Kaspersky report, more than half of all employees in the IT sector experienced an increase in workload. Surprisingly, the majority of those surveyed said that they do not feel any more tired working at home, with 36 per cent even reporting having more energy at the end of the remote day.
As the frameworks for working in office are gradually being erased after the pandemic, I believe companies have been building better plans for their future workflow to meet employee needs and ensure they stay productive, motivated and secure. The hybrid working model is one of the most popular solutions among companies, offering the best of both worlds for their employees. By allowing employees to choose whether to return to the office or work from home, they can improve their productivity and efficiency.
Although we are excited about our more flexible and autonomous future, employee well-being and security need to be top of mind to ensure the post-pandemic development of businesses. I believe it is crucial to create a culture that not only makes employees feel comfortable talking about their emotional state or problems, but also provides them with various wellness, fitness and psychological support services. We need to make sure that our employees stay safe no matter where and how they work.
Keeping work-from-home cybersecurity workarounds and maintaining the security of corporate endpoints are also necessary to ensure the safety of businesses’ data.
Besides, providing employees with efficient security awareness training will help businesses take the right path on the way to achieving a successful future. VNS