Mitigating security risks when returning to the office

It’s over a year ago that companies all over the globe kickstarted an unprecedented mission to shift their organisations online and become fully-remote. Caught by surprise, IT departments scrambled to ensure staff were accommodated to work from home for the foreseeable, inevitably leading to a lot of security concerns. Are our VPNs up-to-scratch? How do we ensure everyone completes mandatory software updates while away from the office? And for those who have managed to survive the year without being subject to any serious security threats, these teams now face a brand new challenge as the UK prepares to return its workforce back to the office.

In an ideal world, most of us would be making use of Zero Trust Networking (ZTN) or Secure Access Service Edge (SASE) for accessing our systems and apps, making the transition in and out of the office for most workers effortless, but very few of us are there yet. If we still have a perimeter, we will need to approach reintegration with care, as our devices and data have been outside the reach of management tools. To help with this, here are some ideas on how to manage a few common situations we can expect to see in the post-pandemic office:

Enforcing updates

With the majority of the workforce stuck at home, many IT teams lost the ability to enforce crucial updates. To help with this, consider applying a slightly restricted quarantine LAN to isolate those particular devices, giving your team a chance to check their security before incorporating them into the corporate LAN environment. This would be very easy to do using the guest Wi-Fi function of your wireless network, whilst enabling productivity to continue with the added safety of being able to quickly block or disconnect misbehaving devices.

Overcoming the pandemic era with a solid business continuity plan

Simon Bennett, CTO EMEA at Rackspace Technology, discusses how organisations can overcome the pandemic era with a solid business continuity plan. Read here

It’s child’s play… or more it shouldn’t be

It was inevitable with the amount of Zoom quizzes, online classes and available streaming services that, throughout the lockdown, your employees may have been using their devices for other purposes. Checking the integrity of company devices will be critical when returning to the office, so I recommend running full system scans using your endpoint security product, on top of ensuring all OS and application updates are completed.

It might also be prudent to check for the installation of games, chat, social media and other tools that may have been needed as a work around, but now should no longer be needed. When it comes to software, less is more.

Lurking in the shadows

Shadow IT is a problem at the best of times and, to be honest, you have to admire the ingenuity of employees doing what they can in a time of crisis to get their job done. However, this could well, of course, have led to well-intentioned employees downloading something that they really should not have. For this, consider an IT amnesty program. Ask employees to share what tools they have had to download themselves while away that weren’t accessible or provided by IT. On top of getting a better sense of what to expect, this presents a perfect opportunity to learn where the gaps in your remote work strategy are and be sure to get sensitive data identified and brought back in where it can be protected and controlled. For example, apps and services like Dropbox, Facebook Messenger, WhatsApp, Slack and Google Docs will be commonly found across many devices.

How to achieve unified communications during lockdown

How can unified communications be effectively achieved while lockdown continues to keep employees away from the office? Read here

Heads were most definitely in the Cloud

For users without VPN access to company file shares (be it new starters, freelancers, etc.), the use of personal cloud services and removable media will likely have been utilised. This is to be expected, as IT teams will have been stretched thin for the first few months of home working, trying to ensure everything was running smoothly. Going forward, work toward the elimination of these devices as a whole, as they are difficult to encrypt and easy to lose. Be sure everyone knows about your organisation’s cloud storage service and help staff move any documents stored on personal devices or clouds to the officially sanctioned tools.

Compliance with the Data Protection Act can be difficult at the best of times, so the importance of this process should be explained to staff. Similar to the app amnesty program, people should feel comfortable coming forward to ensure protection of your data is treated with the respect it deserves.


As more people become vaccinated, the pressure to send employees back to the office has been growing with each passing day, signalling a tough job ahead for even the most seasoned IT professional. However, I see this as an excellent opportunity to implement new policies, embrace more secure modern tools that enable remote/hybrid working, and maybe even cut down on the amount of work travel as we become more accustomed to online meetings. The goal here for any IT team is to avoid unsuspecting carriers introducing any unwanted guests which could severely damage your network. Take the time needed to ensure everyone can return with ease without fear of a compromised machine sending your organisation back to square one.

Written by Chester Wisniewski, principal research scientist at Sophos

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at