Returning to the office? Here's your five-step cyber prep list
The switch from business office to home office happened rapidly, with little time for planning or preparation, and the result was like the proverbial airplane built while flying. Understandably, that may have left some gaps in your business operations, particularly in the area of cybersecurity. As many of us are returning to the office, now is a good time to take stock of your cyber hygiene.
Here are five ways to make your transition as smooth and secure as possible.
- Communicate your policies.
For many firms, hybrid models where employees split time between working remotely and in-person will be a part of the future. Switching back and forth between workstation set-ups can create the temptation to file-share and email using personal accounts or save documents to removable media. This can introduce a great deal of risk, and it may be beneficial to err on the side of caution and ban these practices. Decide if this will be permissible and make your policies clear to your staff.
- Double check your details.
Another potential consequence of the hybrid environment is an increase in cybercrime. Patrick Hennessey, Director of Technology Consulting, tells advisors that now more than ever "cybercriminals are looking to exploit the changing environment." One scam in particular—altering the destination details of an asset transfer requested via email—seems to be on the rise. This can occur when one party's email account has been compromised. Hennessey recommends that advisors verify not only the authenticity of the request itself but also the destination details. Clients should review wire instructions or other disbursement details to make sure that requests reflect the desired instructions and that funds will reach the intended destination.
- Update your devices.
Do you have equipment that was left in the office? If so, those devices may not have been scanned, updated, or patched. Make sure that the latest security updates have been applied to the operating system and all applications.
- Scan for software.
If your devices are not locked down to prevent users from installing new programs, they may now contain unauthorized applications and software. Take the precaution of scanning for and removing rogue apps before allowing users to connect to your business network. Once all of your devices are clean, take steps to prevent this from happening again. Reserve the right to install new software for the appropriate administrators at your firm.
- Update your inventory.
We know that many advisors needed to purchase additional hardware to facilitate new work-from-home setups. Add those new laptops, webcams, and mobile devices to your hardware inventory. If you added any new third-party vendors or cloud-based platforms, you need to track those as well. Don't have an inventory yet? Get started establishing one here.
This time around, we have room to be a bit more deliberate and thoughtful in our transition—but there is still much to consider to ensure the resilience of your firm and the well-being of your people. Incorporate these practices into your return-to-office plan to lighten the load as it relates to cybersecurity.
What you can do next
- Enroll in our Virtual Practice Management Strengthen Your Cybersecurity Program to uncover potential gaps and develop a detailed action plan to strengthen and maintain your firm's cybersecurity program.
- Consider a custodian that invests in your success. If you're thinking about becoming an independent advisor, contact us to learn more about the benefits of a Schwab custodial relationship.