Back-to-the-office plan: a cybersecurity checklist from Kaspersky

Unfortunately, cybercriminals thought it worked to their advantage, too. With tons of valuable data
employees bring with them on their devices, it could have felt like the best time for these cyber thugs
who found themselves effortlessly stealing from their easy prey.

In 2020, there was an increase globally in the number of people using remote access tools such as
remote desktop protocol or RDP, one of the most popular application-level protocols for accessing
Windows workstations or servers. It also allows access to other device resources and RDP clients are available for all the most used modern OS such as iOS, OS X, Linux, Unix, and even Android.

Originally designed as a remote administration tool, cybercriminals use RDP to penetrate the target
computer by exploiting incorrectly configured settings or vulnerabilities such as weak passwords.
Hacking an RDP connection is lucrative for cybercriminals.

In the same year, there were about 147,565,037 remote desktop protocol (RDP) attack attempts against
users of Kaspersky in Southeast Asia. When the workforce slowly started going hybrid in 2021, the RDP
attack attempts went up a bit to 149,003,835. It was in 2022 when the pandemic restrictions were lifted
and by that time, the RDP attempts spiraled down to 75,855,129 or a plunge of -49% from the previous
year.

"Among our post-pandemic learnings is that flexibility, agility and openness are important to our
sustainability and productivity in business. We are still evolving. Part of this evolution is the resounding
desire of the workforce in Southeast Asia to stay within the hybrid setup, which boils down to our need
for connection and empowerment as humans and we need to acknowledge that" said Yeo Siang Tiong,
general manager for Southeast Asia at Kaspersky.

"Part of listening to what the workforce is asking of us is providing options and support within the
cybersecurity framework for their safe return to office work in any form. For companies, you will still have
to use technology to drive productivity and it will remain this way as things get more and more
sophisticated in the business space," Yeo added.

For the employed, switching to working from home has been difficult enough. After getting used to this
setup for two years, returning to the office may just be as tricky. Companies are in the same
predicament — rolling back some changes would mean jumping through hoops again like how they did
when they deployed these in 2020.

To help stressed IT security managers prioritize, we put together some cybersecurity action items for
businesses:

1. Keep work-from-home cybersecurity workarounds
Whether your workforce is returning from home to office or requires work-related travel, using
virtual private network (VPN) and an advanced endpoint and detection response (EDR) solution
will ensure their safe return to on-site work. Kaspersky Extended Detection and Response or
XDR is a multi-layered security technology that protects IT infrastructure. Whereas EDR focuses
on endpoints, XDR focuses more broadly on multiple security control points to detect threats
more quickly, using deep analytics and automation. XDR creates security efficiencies by
improving detection and response capabilities through unifying visibility and control across
endpoints, networks, and the cloud. It facilitates advanced investigation and threat-hunting
capabilities across multiple domains from a single console.

2. Restore any security controls you disabled for remote workers
To allow remote employees to connect to the corporate network, especially from personal
devices, some organizations weakened or disabled cybersecurity controls such as Network
Admission Control (NAC). NAC checks computers for compliance with corporate security
requirements, such as up-to-date malware protection before granting access to the corporate
network. Upon employees' return to the office, NAC should be turned on to protect the internal
systems in case the machines pose any risks. Organizations need to anticipate such issues and
have a plan that includes resources, deadlines, bug fixes, and maybe even help from IT
integrators.

3. Update internal systems
Don't forget to check internal critical services. The IT security team needs to know if there are
any unpatched servers in the building before letting anyone in. With everyone returning to the
office and connecting their laptops to the corporate network at once, just one unpatched domain
controller can provide broad access to, for example, employee account data and passwords.

4. Get ready to save — and also to pay
Bringing employees back to the office may save employers some money. Companies can
reduce the number of subscription-based cloud solutions or licenses, such as for video
conferencing or electronic signature to bring some services back as local resources. Consider
spending those freed-up budgets on organizing digital workstations so that employees can split
their weeks between office and elsewhere. Remote work technologies like virtual desktops are
much easier to deploy, manage, fix, and protect than remote computers.

5. Save the tools and settings that employees used remotely

Thanks to their pandemic experience, employees have mastered new communication and
collaboration tools for chats, videoconferencing, planning, CRM, and others. If those tools
worked well, employees will want to continue using them. In fact, 74% of Kaspersky's survey
respondents said they want more flexible and comfortable work conditions. Companies should
be prepared either to approve new services or to suggest and defend alternatives. Dedicated
solutions can help organizations manage access to cloud services and enforce associated
security policies. IT security should be a business enabler, not a barrier.

For SMBs and midrange enterprises, Kaspersky in Southeast Asia also has launched a Buy 1 Free 1
promo. Businesses can now enjoy two years of enterprise-grade endpoint protection for the price of 1
with Kaspersky Endpoint Security for Business or Cloud or Kaspersky Endpoint Detection and
Response Optimum, with 24x7 phone support. Interested customers can reach out to
[email protected].