[SANS ISC] 5 Things to Consider Before Moving Back to the Office, (Wed, Aug 18th)

Many readers will likely continue to enjoy working from home. Having not worked out of an office for about 20 years myself, I can certainly understand the appeal of working from home. But for some, this isn’t an option and probably not even the preferred way to work. Having likely worked from home for over a year now, there are some things that you need to “readjust” as you are moving back.

1 – VPN Use

While working from home, many of us use VPNs. VPNs keep us linked to the corporate network. Some may even have used hybrid solutions like SASE (Secure Access Service Edge) solutions that consider that you are not actually connecting to a corporate network but instead to various cloud solutions. Returning to the office, you will no longer need these overlay networks, and it may make things slow (or even break in some cases) if you leave it enabled. This, of course, assumes that you will be using the same device at your office desk that you used at home.

2 – Content Transfer

So what if you will be keeping a computer at home and a second computer at work? Consider how you will synchronize files. Hopefully, your organization already has some form of central storage that can be used to move files around. It is never a good idea to keep files just in one location, particularly on a portable device in someone’s home. It is not just theft you are worried about, but a simple coffee spill or a cat tripping over a power cable could destroy a lot of work.

If you are halfway organized, synchronizing your documents via cloud tools is pretty straightforward. What tends to be a bit more tricky is to synchronize configurations. In the past, I used the same computer while at home and while traveling. But over the last year, I switched to a stationary desktop setup at home and switched email clients. I still used my laptop occasionally, but much less. As I started to travel these last couple of weeks, I noticed that I never configured my laptop’s email client correctly.

If possible, it may make sense to carry your home office device with you to the corporate office until all the kinks are worked out. That way, you can always set up a simulated home office.

3 – Device Configurations

Another thing I had to do as I started to travel again was to review my device configurations. At home, I am more relaxed about how many devices are configured. But while on the road, I tend to be more careful about options like WiFi or Bluetooth and other security settings. I had to review them and make sure my “traveling devices” were configured correctly. And while you may not need a VPN to connect to a corporate network while working from an office, you may need one to connect back home or to other resources. I had to make sure my home VPN server was set up correctly and tested as I hadn’t used it much at all for over a year. 

4 – System Misconfiguration Creep

The old IT rule, “If it isn’t tested, it doesn’t work,” still applies. There are likely many configurations and systems that have not seen much use over the last year. You may have deployed servers or migrated to cloud services and never used them from your office network. Are access control rules set up correctly? Maybe you only set them up for VPN access and not for access from the corporate network directly. A lot of organizations migrated more and more to cloud services while everybody was out of the office. How will your office network firewalls deal with the added number of outbound connections? I could tell you to test ahead of time carefully, but you will likely miss something. So the best advice is: Expect some things to break. The simulated home office may help.

5 – and buy some shoes before heading back.

Anything I missed?


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[HackerNews] [eBook] Guide to Achieving 24×7 Threat Monitoring and Response for Lean IT Security Teams

All posts, HackerNews

If there is one thing the past few years have taught the world, it’s that cybercrime never sleeps. For organizations of any size and scope, having around-the-clock protection for their endpoints, networks, and servers is no longer optional, but it’s also not entirely feasible for many. Attackers are better than ever at slipping in undetected, […]

Read More

[ThreatPost] COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate

All posts, ThreatPost

COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors. Source: Read More (Threatpost)

Read More

[BleepingComputer] Microsoft’s next generation of Windows — What we know so far

Microsoft will soon reveal their next generation of Windows at an upcoming press event later this month. Here is what we know so far about Microsoft’s new version of Windows. […] Source: Read More (BleepingComputer)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.