In association with Mitigo: 10 top tips to help firms avoid a cyber incident and reduce the risk of a breach when returning to the office

The move to remote working caused a spike in firms falling victim to damaging cyberattacks, including ransomware and email account takeover. I now fear, as staff start to return to the office, that even bigger issues may lie ahead for firms.

The things which would keep me awake at night are (1) malicious software being introduced back into the office by “dirty” devices; (2) security protection failing, leaving known vulnerabilities; (3) data being lost or compromised in the move; and (4) staff bringing digital behaviour into the office that is inappropriate and dangerous for the organisation.

If you are worried about this, please read this top 10 priority checklist carefully:

  1. Staff cybersecurity refresher training should be issued prior to office return, and browser controls should be reviewed/tightened.
  2. Work laptops, computers, and drives (including USBs) should have a full anti-virus scan before returning.
  3. Work mobile phones, laptops and computers should be brought up to the latest OS versions.
  4. Once reconnected to the secure network, ensure that anti-virus software has updated and is reconnected to its central control.
  5. Personal computers and phones should only be connected to a properly separated guest wi-fi.
  6. Automated software and OS update processes need to be reviewed and re-enabled as necessary.
  7. Remote connection software and ports should be removed and retained only by exception.
  8. Personal data and confidential information must be consolidated to follow existing company policy. Check for temporary use of cloud collaboration platforms.
  9. Backup configuration needs to be reviewed to ensure it is working effectively and securely.
  10. Local and external firewall configuration should be checked, ensuring alerting is directed appropriately.

There is, of course, more to do, but if you do this top 10 well, it will dramatically reduce your risk. If you do not understand any of the above, please seek appropriate advice from a cybersecurity specialist.

This article was produced by Mitigo. Take a look at its full service offer: www.lawscot.org.uk/members/member-benefits/professional-legal-services/mitigo-cyber-data-security/

For more information contact Mitigo on 0131 564 1884 or email lawscot@mitigogroup.com

The Author

David Fleming, Chief Technology Officer at Mitigo
