As summer approaches and COVID-19 vaccination rates rise, organizations have signaled they will gradually move staff back into offices in an attempt to return to some sense of normalcy. However, the most likely scenario to play out for the foreseeable future is a hybrid work environment where employees split time between home and corporate offices.
Below are six best practices cyber-security and compliance professionals should consider to facilitate a smooth and secure transition to a reimagined office.
- Protect privacy and security in shared workspaces. Given significant real estate moves, consolidations, and reconfigurations, the offices employees return to this summer are likely to be physically much different than the ones they left in March 2020. In addition to temperature checks and elevator spacing protocols, employees might be settling into new floors or buildings that have been updated to increase the physical distance between workers and offer “hot desking” or “open desking” where employees from various business units sit together. Routine discussions of sensitive information—including HR reviews, internal investigations, highly confidential trading data, material nonpublic information, and earnings projections—will happen, so security teams must consider how best to stagger or separate employees to prevent exposure.
- Update hardware inventories. The pandemic necessitated quick and nimble action from firms to ensure their remote workforce had all the right hardware to perform their roles effectively—from laptops and phones to webcams and printers. With a return to the office, new hardware like enhanced videoconferencing devices and dedicated terminals must be managed appropriately. Ensuring inventories of physical hardware are updated to include newly deployed office infrastructure as well as the home office kit provided during the last year is essential. An accurate inventory will serve as a baseline against which to manage recently issued, lost, or stolen devices. Inventories also support related IT processes like the application of operating system updates and security patches.