
Managing device decay isn’t a one-time action

by Mark Rowe

Device decay is the biggest cyber security threat for businesses post-lockdown, says Daniel dos Santos, Research Manager, Forescout Research Labs.

As coronavirus restrictions lift and teams gradually return to the office, companies are negotiating what this means for their business and processes. The move back to in-person working is of particular concern for IT teams, who are being faced with an influx of new and returning devices that bring with them acute cybersecurity risks. If companies want to protect themselves post-lockdown, they need to ensure their security controls and solutions are able to meet this threat.

Device decay is one of the biggest challenges that companies are wrestling with, though few are openly discussing it. When electronic devices are away from the office for an extended period of time, their security begins to ‘decay’ due to less frequent, rigorous IT checks, poorer security hygiene and the lower likelihood of patches being installed. This means their security is compromised and, as soon as they are reintroduced into a corporate working environment, they offer bad actors a back door into a company’s network.

It’s not simply devices that have been taken away from the office that pose a threat. As offices open up, businesses are likely to welcome new devices onto their corporate networks that have never previously had stringent security checks. Added to this, in-office devices that have lain dormant are getting fired up once more and workers may not think to install the latest security patches before using them again. Having strong security systems and checks in place is paramount if companies don’t want to let malware into their office environment along with their teams.

Steps businesses must take to mitigate risks

Firstly, companies need to ensure they have full visibility of all devices on their network and are able to monitor their activity in real time. IT teams need to invest in software that gives them instant, granular visibility into device type, operating system, make and model, as well as the programs that are running on each device, who the devices are communicating with and an assessment of their network connection state. This means that any suspicious activity can be instantly flagged and addressed before damage can be done.

Next, they must continuously enforce updates and patches on all their devices. There is security software available that companies can use to not only automate the process, but also reduce SecOps stress. This software will ensure that existing security agents – such as anti-virus, EDR, UEM and patch management – are installed, running and up-to-date on transient devices, before they are allowed full network access. If devices are not fully compliant, their operations will be contained to a segmented ‘quarantine zone’ which limits their network access until the problems have been remediated. This means that any unaddressed weaknesses from outdated security software or dormant malware cannot pose a threat to the entire network.

Finally, businesses should ensure that these security measures are properly reflected in official company policy. All employees need to be aware of security protocols and the reasons they have been implemented, so there is no internal friction and staff do all they can to assist with protection. This also ensures that as a company grows and expands its operations, security remains consistent across the board.
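The pre-admission compliance check from the second step, sketched as an added example (not code from the article or from any vendor product): a device gets full access only when every required agent is installed, running and current, and is re-evaluated on each connection. The thresholds, field names, segment names and sample laptop are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# The four agent classes come from the article; thresholds, field names and
# segment names are assumptions made for this example.
REQUIRED_AGENTS = ("anti-virus", "EDR", "UEM", "patch management")
MAX_AGENT_AGE_DAYS = 7
MAX_OS_PATCH_AGE_DAYS = 30

@dataclass
class Agent:
    installed: bool
    running: bool
    last_update: date

@dataclass
class Device:
    name: str
    last_os_patch: date
    agents: dict  # agent class -> Agent

def posture_findings(device, today):
    """List every reason the device fails the pre-admission check."""
    findings = []
    for kind in REQUIRED_AGENTS:
        agent = device.agents.get(kind)
        if agent is None or not agent.installed:
            findings.append(f"{kind}: not installed")
        elif not agent.running:
            findings.append(f"{kind}: not running")
        elif (today - agent.last_update).days > MAX_AGENT_AGE_DAYS:
            findings.append(f"{kind}: out of date")
    if (today - device.last_os_patch).days > MAX_OS_PATCH_AGE_DAYS:
        findings.append("operating system: patches overdue")
    return findings

def segment_for(device, today):
    """Run on every connection: any finding keeps the device quarantined."""
    return "quarantine" if posture_findings(device, today) else "full-access"

# Constructed sample: a laptop returning after months away from the office.
TODAY, LATER = date(2021, 9, 1), date(2021, 10, 15)
STALE, FRESH = date(2021, 3, 15), date(2021, 8, 30)
laptop = Device("returning-laptop", STALE, {
    "anti-virus": Agent(True, True, STALE),
    "EDR": Agent(True, False, STALE),
    "patch management": Agent(True, True, FRESH),
})  # no UEM agent enrolled

if __name__ == "__main__":
    print(segment_for(laptop, TODAY), posture_findings(laptop, TODAY))
```

Because the check compares dates on every connection, a device that passes today falls back into quarantine once its agents or patches age past the thresholds.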

The new world of hybrid work means that businesses need to be continuously implementing these steps if they want to keep bad actors at bay. Devices will be constantly moving on and off a company’s network, as an employee might typically come into the office one day, spend the morning of the next at home, and work at a coffee shop in the afternoon.

As the return to office continues to become reality, companies must remain constantly vigilant on device security and ensure they’re fully prepared to deal with ongoing device decay. Instant device visibility, continual network monitoring and regularly enforced updates are just some of the practices businesses must continue to implement longer-term, if they want to protect themselves from the growing cyber security threats now facing our working world.
