COVID-19: When it’s all over

Welcome to part five of our six-part blog series based on our recent whitepaper entitled ‘COVID-19: A biological hazard goes digital.’ If you haven’t read the first four parts of this blog series, you’ll find them in the insights tab (via our blog page) on our website here. Be sure to check them out!

Over the last four blogs, we’ve explored how the coronavirus hasn’t just gripped the health community, but also businesses of all size and sector (and the cybersecurity community by proxy). Hackers have used the pandemic as the perfect lure to create fear, uncertainty and doubt amongst anxious citizens looking for answers to an unprecedented world event. We looked at some of the clever methods hackers have been using to catch people unaware, how the scale of the attack has changed the emergent threat model, and how Orange Cyberdefense proposes that businesses rally together to act and react rationally to the cyber element of COVID-19.

At some point in the foreseeable future, life will return to relative normalcy. This means employees packing up their devices and making the commute back to offices. In this blog, we take a look at what that means practically from an IT and security perspective.

There are three main things we expect businesses will see when employees make the exodus back to their respective workplaces:

By the time we’re all back at our desks, we’ll have been away from the office for at least two or three months. It’s not unreasonable, therefore, to expect the upkeep of systems and infrastructure to have been put on the back burner during this time. Expect metaphorical rust and disrepair and make a plan to address this in order to get back up and running quickly and effectively. Cached data like endpoint logs, backups or backdated updates may be pushed all at once when users connect to the network again. This could cause additional strain on your already neglected infrastructure. It would be wise to consider staging the return of employees so any kinks can be identified and addressed without too much disruption on business operations.

So, you’ve had your workforce operating remotely for months. It’s likely that during that time, your employees have been storing documents and data locally, unlike centrally to a server when in the office. When returning to the office, the priority should be creating safe and reliable locations ready for users to dump their data into enterprise repositories. This will reduce your reliance on single points of failure, and ensure no data or information has been left unaccounted for.

Unless you’ve been able to proactively address some of the fundamental challenges of endpoint protection, detection and vulnerability management during the lockdown period, it’s highly likely that some enterprise mobile endpoints will return to the office in a compromised state. It’s not uncommon for this to happen, but will present a new challenge to businesses given the scale of potentially compromised devices re-connecting to corporate networks.

While there is no single solution to address this risk, it’s worth thinking about a staged program of return to the workplace, which would allow IT and security operations to break down the challenge into more digestible chunks. There are various endpoint security technologies – like Network Access Control (NAC) – that allow endpoints to be isolated and checked for compliance before they fully connect to a corporate network. If possible, re-provisioning endpoints from a safe and current build standard could also be useful.

One of the many ways that COVID-19 is unique is in its global effects. Typically, companies plan for localized or regional outages, not global ones affecting themselves, their employees and also stretching back through supply chains across the world. Understanding that every company’s response will be unique is important. This is where a service provider like Orange Cyberdefense can help you do the thinking and map out the most appropriate and effective response.

In the final installment of our six-part blog series on COVID-19, we’ll conclude with a look at how the digital crisis within the global health crisis will make us rethink our cybersecurity game plan in the longer term, for the better.

Research paper available