With all the talk about “turning the economy back on” we need to think about what that looks like from an information security perspective. Whether it’s this summer or after the first of the new year, at some point, computers that have been in home offices will return to the workplace. Security pros will have a lot to think about and now it’s time to do some early planning.
It’s likely best to use a risk-based approach combined with a careful reintegration onto the corporate network. Capacity planning and thinking through the processes will also pay dividends later.
Clearly, we’re not in a normal situation. In many instances, it’s plausible that laptops and desktops sent home for remote work have been used for purposes other than company work, used by other members of the employee’s family and been connected to unknown networks with nonexistent controls. Bringing the computers used at home during the shutdown into a corporate or government environment may introduce compromised systems into the network and result in undesirable outcomes. This situation resembles a supply chain attack in which bad threat actors will compromise a poorly protected entity and leverage networks of trust to gain access to the actual target.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.