[SANS ISC] 5 Things to Consider Before Moving Back to the Office, (Wed, Aug 18th)

Many readers will likely continue to enjoy working from home. Having not worked out of an office for about 20 years myself, I can certainly understand the appeal of working from home. But for some, this isn’t an option and probably not even the preferred way to work. Having likely worked from home for over a year now, there are some things that you need to “readjust” as you are moving back.

1 – VPN Use

While working from home, many of us use VPNs. VPNs keep us linked to the corporate network. Some may even have used hybrid solutions like SASE (Secure Access Service Edge) solutions that consider that you are not actually connecting to a corporate network but instead to various cloud solutions. Returning to the office, you will no longer need these overlay networks, and it may make things slow (or even break in some cases) if you leave it enabled. This, of course, assumes that you will be using the same device at your office desk that you used at home.

2 – Content Transfer

So what if you will be keeping a computer at home and a second computer at work? Consider how you will synchronize files. Hopefully, your organization already has some form of central storage that can be used to move files around. It is never a good idea to keep files just in one location, particularly on a portable device in someone’s home. It is not just theft you are worried about, but a simple coffee spill or a cat tripping over a power cable could destroy a lot of work.

If you are halfway organized, synchronizing your documents via cloud tools is pretty straightforward. What tends to be a bit more tricky is to synchronize configurations. In the past, I used the same computer while at home and while traveling. But over the last year, I switched to a stationary desktop setup at home and switched email clients. I still used my laptop occasionally, but much less. As I started to travel these last couple of weeks, I noticed that I never configured my laptop’s email client correctly.

If possible, it may make sense to carry your home office device with you to the corporate office until all the kinks are worked out. That way, you can always set up a simulated home office.

3 – Device Configurations

Another thing I had to do as I started to travel again was to review my device configurations. At home, I am more relaxed about how many devices are configured. But while on the road, I tend to be more careful about options like WiFi or Bluetooth and other security settings. I had to review them and make sure my “traveling devices” were configured correctly. And while you may not need a VPN to connect to a corporate network while working from an office, you may need one to connect back home or to other resources. I had to make sure my home VPN server was set up correctly and tested as I hadn’t used it much at all for over a year. 

4 – System Misconfiguration Creep

The old IT rule, “If it isn’t tested, it doesn’t work,” still applies. There are likely many configurations and systems that have not seen much use over the last year. You may have deployed servers or migrated to cloud services and never used them from your office network. Are access control rules set up correctly? Maybe you only set them up for VPN access and not for access from the corporate network directly. A lot of organizations migrated more and more to cloud services while everybody was out of the office. How will your office network firewalls deal with the added number of outbound connections? I could tell you to test ahead of time carefully, but you will likely miss something. So the best advice is: Expect some things to break. The simulated home office may help.

5 – and buy some shoes before heading back.

Anything I missed?


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[ZDNet] Chrome 91 will warn users when installing untrusted extensions

All posts, ZDNet

Developers who are new to the Chrome Web Store can also expect to wait several months before being considered ‘trusted’ within the Chrome browser. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ESET] Hundreds of suspected criminals arrested after being tricked into using FBI‑run chat app

All posts, ESET feed

Law enforcement around the world used a messaging app called AN0M to monitor the communications of alleged criminals The post Hundreds of suspected criminals arrested after being tricked into using FBI‑run chat app appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More

[HackerNews] Experts Shed Light On New Russian Malware-as-a-Service Written in Rust

All posts, HackerNews

A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. Dubbed “Ficker Stealer,” it’s notable for being propagated via Trojanized web links Source: Read More (The […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.