Beware of the Return to Office: How Organisations Can Protect Against Pandemic Sleeper Threats


As organisations get closer to implementing return-to-work plans, most employees are excited about getting back into an office routine. They miss their colleagues, their favourite lunch spots, and the on-site corporate culture that can’t totally be replicated over Zoom.

IT administrators have a slightly different view. They miss all the in-office benefits, too, but for them the prospect of having employees all get back on the network after a year of remote working is a scary thought. The admins worry that, after a period of being lax about security, employees will bring compromised devices back to the office and expose the company to new threats.

They may have a point. Work on computers have played many roles during the pandemic – hosting everything from social gatherings to workouts, online learning sessions, home shopping and Netflix streams. Family members have borrowed Mom’s computer to play online games, and passwords have been passed around. Cyber diligence has taken on a lower priority than it should have.

Cyber criminals are aware of how insecure employee environments have been. They struck with a round of phishing attacks during the 2020 lockdown period. Now, administrators are concerned that hackers might implant vulnerabilities in unsecure laptops and unleash them once employees reconnect with a wider array of resources inside the corporate network.

Some companies did a good job getting ahead of security threats. When remote working became standard practice, some were able to issue company standard devices with regularly patched antivirus security. But the majority found themselves scrambling to enable quick and adequate working-from-home setups that didn’t require regular updates, patches and security checks.

A cybersecurity survey conducted in February reflects just how unprepared enterprises appear to be for the return-to-work security threat. Of those surveyed, 61% used their own personal devices – not work-issued computers – at home. Only 9% used an employer-issued antivirus solution, and only 51% received IT support services while transitioning to remote workstations.

Administrators are bracing for trouble. They’re bringing large numbers of potentially unsecured devices back into the fold at the same time they’re preparing to accommodate a new normal based on hybrid home/office staffing. According to Veeam’s Data Protection Report, 89% of organisations increased their cloud services usage significantly because of remote work, and the trend is expected to continue, meaning there will be more endpoints to protect.

So, how can organisations prepare for this transition? Below are a few steps they can take.


This is essentially the step where IT administrators physically go through all the affected resources and ensure they’re ready to re-enter the game.

Start by carrying out risk assessments for each employee and each device. Which devices have been patched and regularly maintained? Computers used for remote working are likely to have confidential company data on them; where has the company data been saved, and under which account? These checks need to be performed to minimise risk and make sure compliance standards like General Data Protection Regulation (GDPR) is being maintained.

Also, check to see if employees have given away passwords to family members using work computers. Did employees change their passwords? Did they use the same passwords across work accounts and personal accounts? Did they install any new software or remove any during the remote work period? Administrators need to know before they let employees back on their networks.

Next, make sure to scan all relevant devices for unauthorised apps and software. Employees needed to get creative with work solutions, so they may have tapped resources that help them get through everyday tasks but aren’t up to security standards. Run endpoint detection scans on all returning devices to uncover any hidden vulnerabilities. Cybercriminals often target endpoints, so IT teams need to scan all corporate and personal employee devices that will be brought back to the network.


While employees may have let their proverbial hair down during remote work, they’ll need to rededicate themselves to proper digital hygiene. Push them to use separate passwords for home and work devices. And make sure they’re using conventions that are complex and hard-to-crack. Bring back regular trainings to ensure that they’ll be able to spot phishing emails and other threats. Set up guidelines for using public wi-fi and for downloading materials. As employees return to work, it’s up to the administrators to refine IT practices, one by one, to protect against the top threats in the organisation.


The best way to spot problems is to set up a system to flag them as they happen. This practice can be applied to workers’ tools – and behaviors – as they reintegrate themselves with all of the company’s applications. Take advantage of monitoring tools that track changes in usage and applications. If an employee makes a change in an application, you’ll want to know. It could be a bug altering a piece of code. Or it could be a change that you made – purposefully or inadvertently – that you’ll want to reset. Get in the habit of checking your monitoring tools at least a couple of times a day. It takes a minute, but it allows you to continually reassess your cybersecurity footprint.


This is a time for IT administrators to make sure all data management and backup services are in good order. If a rogue device does put any data at risk, you’ll want to make sure to have backups in service and programmed with practices that will ensure that the data in question is protected and fully available. Keeping the so-called “3-2-1 rule” in mind: Make sure to maintain at least three copies of business data, store critical business data on at least two different types of storage media and keep one copy of the backups in an off-site location. To that, in the ransomware era, we’d expand 3-2-1 to 3-2-1-1-0: Adding another one to the rule where one of the media is offline, and ensuring that all recoverability solutions have zero errors.


While IT administrators are looking forward to water-cooler talk and on-site collaboration as much as anybody else, they’re understandably concerned about the cybersecurity implications of a more broad-based return to work. It could be a challenge. But with proper planning and follow-through, enterprises can manage the risk and solidify their strategies for protection going forward.

Article By Rick Vanover, Senior Director for Product Strategy and Dave Russell, Vice President of Enterprise Strategy