Seven back-to-office cybersecurity tips

Like many small business people, you’ve probably spent a lot of time thinking about how to bring your employees back to the office safely as COVID-19 lockdowns are eased. But you also need to think about the safety of your business information in a post-lockdown world. By following our seven tips for protecting your business from digital threats, you can help ensure that your workplace isn’t overexposed to the risk of cybercrime.

COVID-19 has forced companies to make remote working arrangements on short notice. Working from home can pose new challenges for your company’s cybersecurity, since the firewall approach—sealing off your business network from the broader internet—doesn’t work when employees aren’t on site. As you begin to bring employees back to the office, you may need to take special steps to safeguard your company’s network. 

Welcoming employees back while keeping cyber threats away

Any device not on your secure network is vulnerable to cyber threats—all it takes is a quick visit by an unsuspecting employee to an unsecure website. These cyber threats can lead to theft of customer information or a disruption of your operations, which can result in legal, financial, and reputational risk for your business. Before allowing any hardware that’s been used outside of your company’s firewall to connect to your business’s network, you should follow our first three tips:

Tip #1: Scan computers and mobile devices. Check them for unauthorized apps and software.

Tip #2: Update laptops and computers. Antivirus software and malware should be updated regularly. For an employee’s computer that hasn’t been on your business network for some time, updates may not have been made.  

Tip #3: Mandate password changes. It’s easy for a phishing bot to steal an employee’s network login credentials. Mandatory password changes for all devices with access to company networks help protect against phishing cybercriminals.

You might think that a device that’s been sitting unused at the office is safe from cyber threats. Think again. Malware and virus protection patches are in a constant arms race with cybercriminals. This leads to our fourth tip.

Tip #4: Update stranded machinesEquipment left behind at the office probably hasn’t been scanned, updated, or patched for months. Update any device before using it. 

And just like you’d ask an employee who’s not feeling well to stay home, you may want to ask your employees to keep potentially vulnerable personal devices out of the workplace. Tip numbers five, six, and seven deal with personal technology, such as mobile phones, tablets, and external drives.

Tip #5: Don’t allow personal devices on your network. Devices that you can’t control can serve as malware and virus carriers. Consider requiring that your employees use a third-party cellular network for smartphone messaging and personal device web access.

Tip #6: Don’t allow external drives. Personal storage devices are easily compromised and can introduce a virus or malware into your business’s network. Consider banning their use with company hardware.

Tip #7: Inventory all devices. The greater number of business devices your employees use, the larger number of entry points for a cybercriminal. Knowing your risk exposure by keeping track of all devices and who’s accountable for them is the first step in controlling it. 

95% of cybersecurity breaches are due to preventable human error.

Your employees are your first line of defense

Cybersecurity starts with your employees understanding and practicing good cyber hygiene. To help them do their part in stopping potential cyber threats, you should consider:

  • Establishing a cybersecurity policy—Employees must do their part to protect company devices from viruses and malware by downloading only authorized apps and software, as well as by avoiding unfamiliar or potentially unsecure networks. And every unfamiliar email should be treated as potentially harmful, as should unrecognized prompts to install software or updates.
  • Putting that policy in writing—Employees need to understand the gravity of cyber threats, the harm that they could do to the company—and their livelihoods—and their key role in stopping them. 

Make web security part of your company’s culture

Cybersecurity in a post-lockdown world will be critical to ongoing business success. It includes good cyber hygiene to combat threats resulting from employees working remotely, as well as a well-communicated cybersecurity policy. Our seven tips can help you reopen your workplace in safe cyber fashion. And adopting a cybersecurity policy can help make cybersafety a core part of your company’s culture.

The author would like to thank Tristan Smith, TPA Regional Marketing Director, John Hancock Retirement for her contributions to this article.

1 "15 Alarming Cyber Security Facts and Stats," Devon Milkovich, Cybint,, September 2019. 

The content of this document is for general information only and is believed to be accurate and reliable as of the posting date, but may be subject to change. It is not intended to provide investment, tax, plan design, or legal advice (unless otherwise indicated). Please consult your own independent advisor as to any investment, tax, or legal statements made herein.

MGTS-P42658-GE 07/20 42658                                      MGR0630201230991

Thomas Shola

Thomas Shola, 

Assistant Vice President, IT Cybersecurity Officer

John Hancock Retirement

Read bio