Home Features Beware of the Return to Office: How Organizations Can Protect Against Pandemic...

Beware of the Return to Office: How Organizations Can Protect Against Pandemic Sleeper Threats

The admins worry that, after a period of being lax about security, employees will bring compromised devices back to the office and expose the company to new threats.

return to office, business, hybrid work

As organizations get closer to implementing return-to-work plans, most employees are excited about getting back into an office routine. They miss their colleagues, their favorite lunch spots, and the on-site corporate culture that can’t totally be replicated over Zoom.

By Rick Vanover, Senior Director of Product Strategy; and Dave Russell, Vice President of Enterprise Strategy, Veeam Software

IT administrators have a slightly different view. They miss all the in-office benefits, too, but for them, the prospect of having employees all get back on the network after a year of remote working is a scary thought. The admins worry that, after a period of being lax about security, employees will bring compromised devices back to the office and expose the company to new threats.

They may have a point. Work computers have played many roles during the pandemic – hosting everything from social gatherings to workouts, online learning sessions, home shopping, and Netflix streams. Family members have borrowed Mom’s computer to play online games, and passwords have been passed around. Cyber diligence has taken on a lower priority than it should have.

Cybercriminals are well aware of how insecure employee environments have been. They struck with a round of phishing attacks during the spring 2020 lockdown period. Now, administrators are concerned that hackers might implant vulnerabilities in unsecure laptops and unleash them once employees reconnect with a wider array of resources inside the corporate network.

Some companies did a good job getting ahead of security threats. When remote working became standard practice, some were able to issue company standard devices with regularly patched antivirus security. But the majority found themselves scrambling to enable quick and adequate working-from-home setups that didn’t require regular updates, patches, and security checks.

A cybersecurity survey conducted in February reflects just how unprepared enterprises appear to be for the return-to-work security threat. Of those surveyed, 61% used their own personal devices – not work-issued computers – at home. Only 9% used an employer-issued antivirus solution, and only 51% received IT support services while transitioning to remote workstations.

Administrators are bracing for trouble. They’re bringing large numbers of potentially unsecured devices back into the fold at the same time they’re preparing to accommodate a new normal based on hybrid home/office staffing. According to Veeam’s Data Protection Report, 89% of organizations increased their cloud services usage significantly as a result of remote work, and the trend is expected to continue, meaning there will be more endpoints to protect.

So, how can organizations prepare for this transition? Here are a few steps they can take:

Undergo rigorous return-to-work preparation

This is essentially the step where IT administrators physically go through all the affected resources and ensure they’re ready to re-enter the game.

Start by carrying out risk assessments for each employee and each device. Which devices have been patched and regularly maintained? Computers used for remote working are likely to have confidential company data on them; where has the company data been saved, and under which account? These checks need to be performed to minimize risk and make sure compliance standards like General Data Protection Regulation (GDPR) are being maintained.

Also, check to see if employees have given away passwords to family members using work computers. Did employees change their passwords? Did they use the same passwords across work accounts and personal accounts? Did they install any new software or remove any during the remote work period? Administrators need to know before they let employees back on their networks.

Next, make sure to scan all relevant devices for unauthorized apps and software. Employees needed to get creative with work solutions, so they may have tapped resources that help them get through everyday tasks but aren’t up to security standards. Run endpoint detection scans on all returning devices to uncover any hidden vulnerabilities. Cybercriminals often target endpoints, so IT teams need to scan all corporate and personal employee devices that will be brought back to the network.

Improve employees’ digital hygiene

While employees may have let their proverbial hair down during remote work, they’ll need to rededicate themselves to proper digital hygiene. Push them to use separate passwords for home and work devices. And make sure they’re using conventions that are complex and hard-to-crack. Bring back regular training to ensure that they’ll be able to spot phishing emails and other threats. Set up guidelines for using public wi-fi and for downloading materials. As employees return to work, it’s up to the administrators to refine IT practices, one by one, to protect against the top threats in the organization.

Monitor all activities

The best way to spot problems is to set up a system to flag them as they happen. This practice can be applied to workers’ tools – and behaviors – as they reintegrate themselves with all of the company’s applications. Take advantage of monitoring tools that track changes in usage and applications. If an employee makes a change in an application, you’ll want to know. It could be a bug altering a piece of code. Or it could be a change that you made – purposefully or inadvertently – that you’ll want to reset. Get in the habit of checking your monitoring tools at least a couple of times a day. It takes a minute, but it allows you to continually reassess your cybersecurity footprint.

Ensure cloud data management and backups are sound

This is a time for IT administrators to make sure all data management and backup services are in good order. If a rogue device does put any data at risk, you’ll want to make sure to have backups in service and programmed with practices that will ensure that the data in question is protected and fully available. Keeping the so-called “3-2-1 rule” in mind: Make sure to maintain at least three copies of business data, store critical business data on at least two different types of storage media, and keep one copy of the backups in an off-site location. To that, in the ransomware era, we’d expand 3-2-1 to 3-2-1-1-0: Adding another one to the rule where one of the media is offline, and ensuring that all recoverability solutions have zero errors.


While IT administrators are looking forward to water-cooler talk and on-site collaboration as much as anybody else, they’re understandably concerned about the cybersecurity implications of a more broad-based return to work. It could be a challenge. But with proper planning and follow-through, enterprises can manage the risk and solidify their strategies for protection going forward.

About the Authors

Rick VanoverRick Vanover (Cisco Champion, VMware vExpert) is Senior Director of Product Strategy for Veeam Software based in Columbus, Ohio. Vanover’s experience includes system administration and IT management; with virtualization, cloud, and storage technologies being the central theme of his career recently. As a blogger, podcaster, and active member of the IT community, Vanover builds relationships and spreads excitement about Veeam solutions. Before becoming the “go-to” guy for Veeam questions, Vanover was in system administration and IT management.  His community designations include VMware vExpert and Cisco Champion.

A 28-year veteran in the storage industry, Dave Russell recently joined Veeam as its new Vice President of Enterprise Strategy, responsible for driving strategic product and go-to-market programs, spearheading industry engagement, and evangelizing Veeam’s vision for the Hyper-Available Enterprise at key events across the globe, and working with the Executive Leadership team in accelerating the company’s growth in the enterprise. Russell most recently held the role of Vice President and Distinguished Analyst at Gartner. His research focus at Gartner was on storage strategies and technologies, with an emphasis on backup/recovery, snapshot and replication, software-defined storage (SDS), and storage management. He was the lead author of the Magic Quadrant for Data Center Backup & Recovery Solutions from 2006 to 2017. Prior to joining Gartner, Russell spent 15 years at IBM in storage product development as a Software Engineer in mainframe backup/recovery and as a manager of product development, architecture, and strategy teams for distributed systems backup/recovery, and storage solutions.


Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

Previous articleNSW Government Proposes Mandatory Notification of Data Breach Scheme
Next articleDid Apple choose to keep mum about the XcodeGhost malware attack affecting 128Mn iPhone users?