What is Office Relocation Cybersecurity Risk Management?
Whether your whole organization is relocating, or you are simply transitioning to a home office, there are many cybersecurity considerations that will help to ensure that your move is smooth and secure. The following tips can help guide the transition to your new space:
Data protection. Classify all data assets and handle all data assets based on their levels of sensitivity. Ensure that only authorized personnel handle, transport, sanitize, and/or dispose of data assets. Data assets may also include backups, audit logs, hard copies, external hard drives, USBs, and others.
Review inventories and policies. Classify and inventory all of your electronic and software assets. Conduct a full-scale device inventory that includes servers and unused IT equipment. Update your data policy and information asset security management policy.
Consider upgrading IT. After your full-scale device inventory, you may realize that you are holding onto multiple old and outdated devices that may or may not be in service. Devices that are no longer updated by the manufacturer pose significant security risks. Office moves are a good time to dispose of unneeded equipment and to consider IT upgrades.
Establish security in new location. Assess and activate door locks, alarm systems, access control systems, and cameras. Implement controls for the new site including administrative, technical, and physical controls. Review the property, facility entrances and exits, and temperature/climate/ventilation.
Carefully select moving vendors. Seek reputable movers to assist with moving sensitive data and IT equipment. Look for vendors that are well-reviewed, insured, available, experienced with moving sensitive data and IT equipment, and commit to doing the work themselves and not through third-party vendors. Predetermine the process for packing, picking up, and delivering items, and consider assigning trusted internal personnel to oversee the process.
Secure IoT devices. When you have moved into your new office, sequester IoT devices on a separate network so that they do not have access to other sensitive devices on your internal network such as HVAC systems, TVs, refrigerators, door lock systems, and cameras. Keep IoT devices behind a firewall, rather than on the open internet, so that they cannot be accessed externally. Change default device or system credentials on all IoT devices before connecting them to the internet. Keep IoT device firmware up to date.
Revisit/update disaster recovery plans. Your previous disaster recovery plan may need to be updated to reflect the new processes and infrastructure of your new location. Ensure that the updated plan includes strategies, processes, and procedures that are essential to conduct business in the event of a disaster.