Pratum Blog

Technology considerations when returning to the office

As more organizations prepare to head back to the office, several aspects of returning to work need to be evaluated first. In our previous blog, “Cybersecurity Preparation for Returning to the Office,” we looked at various aspects of returning to a shared workspace: social distancing, document shredding, and policies and procedures. Another important area to remember is the technical considerations.

You should have a plan in place to address things such as remote connectivity use or system protection. That’s what we’ll be covering here: the top technical considerations for returning to the office.

1. Check Connections

When working from home, many employees may have found new ways to connect to the internet or office network. Something you should be asking yourself before these employees return to the office is: Are VPNs or personal remote management software being used that your company isn't aware of?

The longer these connections are established, the greater the chance of them being used as an attack vector. It's important to perform a full review of your environment. Be sure to leverage existing security tools to validate that data is protected and restricted appropriately. This step can be done prior to returning to the shared work environment, and it should be repeated regularly for employees who work from home.

2. Inventory Software and Devices

On top of remote management software, you should also be checking for other software employees may have introduced to company devices. Perform a software inventory review on corporate devices as soon as possible. Evaluate whether software is approved or needs to be removed. It is also a good idea to review what devices are on your network to ensure they are approved devices.

Software such as LogMeIn, TeamViewer, PCAnywhere, etc. should not be used if it isn't managed by the business. If these tools aren’t configured properly, they could be used as an attack vector into the device or even the corporate network. Using them commercially under a personal license may also violate their EULAs or licensing terms. Ask your employees what they have installed on their company devices, and scan those devices once they are safely back on company premises.
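The inventory review described in this step can be sketched as follows. This is an added example, not Pratum's own tooling; the CSV layout, host names, MAC addresses, name patterns and the managed-install list are all constructed assumptions.

```python
import csv
import io
import re

# Remote-access products named in the article; the patterns are assumptions.
REMOTE_ACCESS = {
    "LogMeIn": re.compile(r"logmein", re.I),
    "TeamViewer": re.compile(r"teamviewer", re.I),
    "PCAnywhere": re.compile(r"pc\s*anywhere", re.I),
}

# Constructed sample data: software export, asset register, observed devices.
SOFTWARE_CSV = """hostname,software
LT-0142,TeamViewer 15 Host
LT-0142,7-Zip 19.00
LT-0207,LogMeIn Client
LT-0311,Symantec pcAnywhere
"""
ASSET_REGISTER = {"00:11:22:aa:bb:01": "LT-0142", "00:11:22:aa:bb:02": "LT-0207",
                  "00:11:22:aa:bb:03": "LT-0311"}
OBSERVED_MACS = ["00-11-22-AA-BB-01", "00:11:22:aa:bb:03", "de:ad:be:ef:00:01"]
# Assumption: (host, product) pairs that IT deployed and manages itself.
MANAGED_INSTALLS = {("LT-0142", "TeamViewer")}


def unmanaged_remote_access(csv_text, managed=MANAGED_INSTALLS):
    """Return sorted (host, product, installed name) not deployed by IT."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for product, pattern in REMOTE_ACCESS.items():
            if pattern.search(row["software"]) and (row["hostname"], product) not in managed:
                hits.append((row["hostname"], product, row["software"]))
    return sorted(hits)


def unapproved_devices(observed, register=ASSET_REGISTER):
    """Return observed MAC addresses that are missing from the asset register."""
    normalise = lambda mac: mac.lower().replace("-", ":")
    known = {normalise(mac) for mac in register}
    return sorted({normalise(m) for m in observed} - known)


if __name__ == "__main__":
    for host, product, name in unmanaged_remote_access(SOFTWARE_CSV):
        print(f"{host}: {name} ({product}) is not business-managed; review or remove")
    for mac in unapproved_devices(OBSERVED_MACS):
        print(f"{mac}: on the network but not in the asset register")
```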

3. Establish Protection

It is important to ensure all devices that communicate with the corporate network are routinely protected. That includes malware protection. Next-generation anti-virus or endpoint detection and response software should be used to constantly monitor for rogue or malicious activity.

Proper configurations, including alerting and monitoring, will help inform IT/Security teams immediately. This helps address any issues and also minimizes the chance of an infection spreading from one machine to other devices.

4. Understand Limitations

Businesses should prepare for employees and their systems to come back to the office with potential threats, such as malware. This may leave IT and Security staff with limited resources to combat the issues.

Teams should evaluate whether a planned approach will ensure protections exist to identify compromised or infected systems before an infection can spread to the corporate network. Much as hospitals can be overwhelmed, IT/Security teams can be overwhelmed during a malware outbreak. Introducing multiple infected devices without the proper protection on them or on the corporate network could be devastating to a business.

Take the time to integrate devices back into the network slowly. Be sure scans are done properly, and not rushed to get the office space filled with employees again. Taking a methodical approach to scanning and re-integration may be the key to protecting your business from widespread cyber threats.

5. Prepare Staff

Many employees and businesses have taken certain liberties to ensure their business processes could continue to flow while working from home. These processes may not have been the most secure approach. It's important that any risks that were introduced are identified and mitigated.

Company culture may also have suffered, for example through use of personal devices or incorrect data protection. Be sure to introduce additional user training once employees return, to ensure these practices do not continue. This is also a great time to review how prepared your business was before the pandemic and to take steps to be better prepared for future disruptions.

Planning out the best process to begin returning to the office should be a discussion between executives and IT/Security staff. Open communication will help them prepare the technical considerations that need to be established so the risk of a virus or other cyber-attack is limited. If you would like help determining the risks your business faces, or other cybersecurity concerns when returning to a shared work space, please feel free to reach out to the experts at Pratum!

What to do about cybersecurity when employees return to the office after COVID-19.

After months of working from home, businesses are starting to consider the return of employees to the office. While there are health concerns being considered during this decision-making process, there are also security considerations that need to be addressed. We’ve put together a list of cybersecurity preparations organizations should start to make now, before they head back to the office.

Why Does Preparation Matter?

You may think heading back to the office would be as simple as grabbing your favorite coffee mug and preparing for morning commutes again. However, the sudden migration of employees from a secured office environment to a home office was no small feat. The transition from home to the office won’t be simple either.

Knowing where to start and how to prepare is key in ensuring the security of the business once people start returning. Being able to prepare now will allow for a smoother switch when the time comes. Your business is only as secure as the employees working for you, so their participation in these steps will be critical to a safe return.

Social Distancing Desks

While this may be due to health concerns, it will have an impact on your office space and devices. If you need to reorganize your work spaces to allow for more distance between employees, you also need to map out where computers and other devices will need to be set up.

Consider creating a floor plan and marking where each employee will go. Talk to your IT department about what adjustments need to be made to the current infrastructure to allow for more space between employees. Let employees know about any relocation coming. Planning ahead and knowing where everyone will be located once they return to the office will help the process be less stressful for the employees and management.

System Scans

Another process you should be preparing for now is scanning any devices that were used for work purposes and are being brought back into the office environment. A full system scan will help detect any threats or security risks that may have been introduced while away from the office. You want to make sure these devices are clear and secured before reintroducing them to the actual network.

Make a list of any and all devices that will be coming back to the office. Make a schedule of when each device will be returning. Then decide how you want to handle the reintroduction phase.

Bring Materials Back

In addition to computers, employees also need to consider what else they brought home that needs to come back to the office. That includes portable media devices, like USB sticks or external hard drives with company data. Remind your staff that anything used for business purposes needs to be returned to the office.

Not only do they need to bring back what they took, they also need to bring whatever they’ve created at home. If documents were taken home or printed, they need to be returned to the office for either filing or shredding.

Also be sure employees are removing any documents or data from devices that will not be returning to the office. It’s important that no business information is left floating around on someone’s home hard drive.

Update Remote Working Standard

If you haven’t already done so, now is a great time to review your Remote Working Standards. This is a list of acceptable use and other rules the organization deems as valid and approved for remote working. That can include who employees need to talk to about working remotely, and more technical controls.

Technical Controls:

  • VPN Connection
  • Multi-Factor Authentication (MFA)
  • Virtual Machines (VMs) or Virtual Desktop Infrastructure (VDI)
  • Patching of software, systems, and infrastructure, as well as workstations

You should also examine any other controls that were loosened or changed during this time of transition. Make sure those are reevaluated before returning to the office.

Communicate Every Step

While this time of uncertainty has been difficult for everyone, it is important to instill confidence in your employees by clearly communicating how the return to the office will work. Clear direction and open lines of communication will help create a more secure environment and more comfort for employees.

If you have any questions about the steps listed here, feel free to reach out to a Pratum representative today!

Microsoft Exchange Server Vulnerability

A vulnerability discovered in Microsoft Exchange could impact your business’s email accounts, and potentially entire networks. In February of 2020, Microsoft released several security updates to address a vulnerability discovered in the Microsoft Exchange Server (CVE-2020-0688). While a patch has been issued, several Exchange accounts have not been updated and are still at risk.

How it Works

With CVE-2020-0688, the Exchange server fails to create unique keys during installation. An attacker can then use this key to deserialize certain information or pass commands.

Definitions:

Serialization: the process of converting an object into a stream of bytes to store the object or transmit it to memory, a database, or a file. Its main purpose is to save the state of an object in order to be able to recreate it when needed.

Deserialization: the reverse process of Serialization; taking the raw data and reconstructing the object model.

In short, this vulnerability would allow a hacker to compromise an entire Exchange environment. This could affect all email and potentially all of Active Directory, depending on how the server was implemented. It could also leave businesses a target for Advanced Persistent Threat (APT) attackers, who can use the vulnerability to read a company's email store.

Known Impact

The vulnerability that was discovered, and is now being addressed by Microsoft, is more than just a theoretical threat. Exploitation of this vulnerability has been discovered. In fact, a Rapid7 scan of the internet in early April found that more than 350,000 Exchange servers were still vulnerable after the patch was released.

Researchers with Kenna Security ran analyses of their own and discovered that of 22,000 internet-facing Outlook Web Access servers, 74% were vulnerable and 26% were potentially vulnerable two months after Microsoft released a patch to address these concerns.

Take Action Now

With Exchange environments being so high in value, security experts are afraid this vulnerability will become a favorite for ransomware attacks. That is why it is important to address the potential risk now. Here are the steps you can take to help reduce risk from CVE-2020-0688.

1. Check your systems to make sure everything has been updated. The patch from Microsoft needs to be installed on any server with the Exchange Control Panel (ECP) enabled.

2. Exchange servers must be running one of the Cumulative Updates listed in the Microsoft Advisory in order for the update to be installed.

CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability

3. Determine whether anyone has attempted exploiting CVE-2020-0688 in your environment. Any account tied to an attempt should be treated as compromised.
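One way to approach step 3 is to review the Exchange server's IIS logs for Exchange Control Panel requests that carry a `__VIEWSTATE` parameter in the URL query, and then list the accounts tied to them. This is an added example, not from the original post or from Microsoft; it assumes attempts show up this way (ASP.NET normally sends view state in a POST body, which IIS does not log), and the log excerpt, accounts and addresses are constructed.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C log excerpt (not real traffic); query values are placeholders.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2020-04-02 08:14:03 GET /ecp/default.aspx - CORP\asmith 10.0.4.21 200
2020-04-02 08:15:40 POST /ecp/default.aspx - CORP\asmith 10.0.4.21 200
2020-04-03 02:41:17 GET /ecp/default.aspx __VIEWSTATEGENERATOR=PLACEHOLDER&__VIEWSTATE=PLACEHOLDER CORP\jdoe 203.0.113.7 500
2020-04-03 02:41:19 GET /owa/ - CORP\jdoe 203.0.113.7 200
"""


def find_ecp_viewstate_requests(log_text):
    """Return parsed records for ECP requests whose URL query carries __VIEWSTATE."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # skip truncated or malformed lines
        rec = dict(zip(fields, values))
        query = parse_qs(rec.get("cs-uri-query", ""), keep_blank_values=True)
        params = {name.lower() for name in query}
        if rec.get("cs-uri-stem", "").lower().startswith("/ecp/") and "__viewstate" in params:
            hits.append(rec)
    return hits


def accounts_to_review(hits):
    """Authenticated usernames tied to flagged requests ('-' means anonymous)."""
    return sorted({h["cs-username"] for h in hits if h.get("cs-username", "-") != "-"})


if __name__ == "__main__":
    flagged = find_ecp_viewstate_requests(SAMPLE_LOG)
    for rec in flagged:
        print(rec["date"], rec["time"], rec["c-ip"], rec["cs-username"], rec["sc-status"])
    print("Treat as compromised:", accounts_to_review(flagged))
```

A flagged request is a lead for investigation rather than proof of compromise; correlate it with the server's patch level and the account's other activity.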

If you have not already, it is advised that everyone install the Microsoft patch immediately. If you cannot install the patch, be sure to at least block access to ECP. If you are unsure if your company has been compromised, please reach out to a Pratum cybersecurity expert today.

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
  • https://www.kennasecurity.com/blog/are-we-patching-cve-2020-0688-fast-enough/
  • https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
