BUSINESSES returning to their offices after a long lockdown lay-off should consider the cyber security implications, according to a leader in the field.

Matt Horan from Poole company C3IA Solutions is urging companies to carry out checks before getting all their staff back because the risks will have increased.

And it is not only technical things that need checking, but the environmental conditions and physical security too.

Leaving IT kit alone for a long time will create new vulnerabilities and cyber crooks upped their game during the pandemic and are more dangerous than ever.

Furthermore, staff changes during the last 17 months could open the back door to criminals.

Matt said: “Any hardware that has remained switched off for a long period should be powered up and left for 24 hours before it is used.

“Often hardware will fail in the first few hours of it being started and it is best to check all is well rather than assuming everything will work as it used to.

“All passwords on network-critical devices should be changed; not only is this good practice anyway, but there might have been staff changes within the business.

“Software should be assessed, tested and then patched, and this could take hours or even days because installations can take time.

“New or updated software should be considered to replace out-of-date versions. This might mean a considerable cost, but it is better than suffering a cyber-attack.

“Staff may well need familiarisation, security and awareness training for any new software that has been introduced.

“And it is always important to check the physical security of offices, including alarms and CCTV.

“A physical security sweep should also be undertaken, and staff ought to check their working areas and remove anything that looks suspicious or is unfamiliar.

“Working practices and business models might well have changed during the last 17 months and this too might add to cyber risks.

“While carrying out checks might be time-consuming and possibly costly, it is far better than being the victim of a cyber-attack.”