COVID isn’t the only virus employees could be bringing back into the office

A virus may be the biggest threat to in-person office reopenings, in more ways than one.

After more than a year of remote work from makeshift home offices, employees are finally physically returning to their desks, along with the personal devices they’ve been depending on in the absence of their work-issued desktops and laptops. And as harmless as a computer may seem, companies should be putting the same effort into protecting their network’s health as they are into protecting that of their workers.

“Organizations need to know what types of [devices] are accessing their core applications and make sure that whatever they are, they’re truly secure,” says Bert Kashyap, co-founder and CEO of cybersecurity firm SecureW2. “Apps don't discriminate — when you go into your Gmail account from your work laptop versus your personal laptop, it still lets you in.”

Over half of IT leaders believe that employees have picked up bad cybersecurity habits over the pandemic, according to a survey by software company Tessian. And with 40% of employees planning on bringing their personal computers into the office, IT decision makers are increasingly worried that remote workers will also bring infected devices and malware.

Unlike company-issued computers, which normally come fully equipped with top-of-the-line data loss and intrusion prevention and detection software, as well as various types of malware detection systems as per corporate policy, personal devices don’t always have the same safety net.

The challenge for companies will be implementing the right kind of checks and balances for personal devices, according to Kashyap. That needs to happen before employees connect to the network and are granted access to sensitive information.

“Ideally an employee [could use] their personal device,” Kashyap says. “But the corporation would have a chance to determine what their level of threat is and set some policies centrally and make sure those policies are enforced.”

Without these precautions, companies will be left vulnerable to cybersecurity breaches that can — and will — spread to other systems once the compromised device connects to the shared network, Kashyap warns.

The majority of IT leaders believe that ransomware attacks — which are viruses that demand payment to re-release the information that was hacked — and targeted phishing emails will be a greater concern in a hybrid workplace, according to Tessian. That’s due, in part, to the fact that one in three workers think they can get away with riskier security behavior from their personal devices and 27% of workers are afraid to tell IT when they’ve made a security mistake.

Not only are cybersecurity breaches expensive to fix — the average cost of a malware attack for a company is over $2.5 million, according to cybersecurity testing platform company Cobalt — their damage is expansive, extending to critical employee benefit information such as HIPAA applications.

Addressing cybersecurity protection is best done in a layered approach, according to Kashyap. First, companies should decide what information can be accessed by personal devices and what information should only ever be accessed by a controlled, work-issued device. Companies can then begin implementing other levels of precautions such as user identity trust, which refers to the means by which employees identify themselves when logging into a server, and device trust, which is the means by which the device itself is deemed trustworthy and secure.

“We’ve seen a lot of substantive growth in the cybersecurity space,” Kashyap says. “Already large enterprises are doing substantial amounts of [prevention] — organizations that I never would have thought would have implemented these things just three years ago.”
