Security risk ghost offices

IT security officers had their hands full in the pandemic to securely connect the home office. But there are also risks in abandoned offices or workstation computers that have not been started up for a long time.

At the beginning of the pandemic, many employees fled to the home office – and have stayed there to this day. They left IT systems and networks in the office next to their desk. The unused buildings cost money and are a real risk. Was it possible for someone to break open a lock during the pandemic, step in and join the company network unnoticed? Steal computers and other equipment? Read employees’ passwords on post-its and in notebooks next to their computers? What other dangers are there? So what should security professionals do about it now?

In general, there are two categories of possible vulnerabilities that should be considered when devices are switched off for a long time. First, problems caused by unauthorized access to the orphaned offices. Second, problems that arise from the fact that no one may have managed, patched, or supervised devices for an extended period of time.

Physical Access Risk

The IT of every company should be secured to a certain extent against physical access by unauthorized persons. It is not without reason that the doors of the data center are locked to unauthorized persons. Especially in organizations that manage very sensitive data – authorities, military or pharmaceutical companies – the physical access control is generally much stricter than in the rest of the industry.

However, more customary commercial companies do not necessarily see protection against unauthorized access to internal networks as part of their IT defense. They tend to pass this task on to building security, which secures access with video cameras and access control and is more likely to protect against theft or vandalism. However, due to the rooms abandoned by the pandemic, organizations should include the increased risk of physical break-in in their security strategy. Because a stolen computer and its access data can provide access to company networks. A company’s IT can also integrate cloud-based video surveillance into an overall security concept.

In the case of stolen devices that may have disappeared unnoticed over a long period of time, it can be extremely difficult for security teams if logging logs and information from recorded videos or other important data from analysis systems are no longer available after a while.

Analyze the use of IT in the office during the pandemic

Another danger of unauthorized access in the absence of the workforce is installed malware or eavesdropping systems. Undertaking in the pandemic without proper security measures should consider a basic, aggressive security revision before being able to use the premises and hardware again.

For most other establishments, a plan to safely reopen the rooms should be sufficient. A physical audit of the devices is recommended. It is just as important – if possible – to check who had access to the premises in the past year. Since offices were empty or only sparsely occupied during the pandemic, platforms for security analysis do not find it difficult to locate and investigate any work on the computer and with the company IT from the office during this period.

Devices that have been switched off for a long time are a security risk

Much bigger problems arise when IT resources have been idle for an extended period of time. Administrators cannot remotely manage devices that are switched off and not connected to the network. When users reconnect the systems, they are therefore much more at risk. Critical recent patches or current security software versions are not available. Expired domain credentials and system clocks that are no longer synchronized make devices vulnerable to malware or targeted attacks.

IT managers should therefore plan for the restart before the employees come back to the office. In doing so, they should start each system, update it in a secure environment, and test it before handing it over to the users.

IT devices that have been idle for a long time also tend to fail. When restarting, those responsible should plan for the failure rate of components to be much higher than normal, take additional support requirements into account and have replacement devices ready. Without such precautionary measures, additional security risks may arise, because employees are expected to return to the office prematurely but without protected systems.

The restart after the pandemic needs to be done in advance

Even if the pandemic is over at some point and employees return to the office: It leaves its mark. Companies and organizations whose workforce comes back to the office after a long time in the home office should plan this return well in advance. Because the abandoned buildings could have invited criminals to gain access to the networks. And if this worst case scenario does not occur, systems that have not been used for a year are in themselves a serious security risk that IT can minimize through a planned restart.

In the news

Covered on these news sites. Click on the image to learn more