Updated device policies – Caution was thrown to the wind last March, but now it’s time to restore some order. Have your customers decided what their ideal device strategy should be? Is BYOD OK? Should workers be bringing laptops back and forth from the office or have dedicated devices for each? Will workers use shared workstations when they’re on-site or always have a dedicated device? After some intentional thinking, companies should revise and restate their expectations and rules.

Inventory review – Regardless of each client’s new work modality (fully remote, everyone back, hybrid/flex), they’ll need enough devices to go around. Are they on-site and loaded with the right software? Or is it time to restock and refresh some older computers?

Collaboration platforms – The pandemic may have quickly ushered in new tools and platforms to allow workers to communicate, share screens and jointly work on files. Once some workers return to the office, those platforms won’t disappear; instead, they will be used far more often within the office network. It’s important to standardize and ensure that these platforms aren’t creating any security risks, and that employees are trained regarding which devices to use them on and what types of information should or shouldn’t be shared using them. Are you prepared to shut down these shadow IT solutions and migrate workers to approved tools?

Inspecting and updating returning devices – Before everyone plops down at a desk and plugs in an Ethernet cable or logs into the corporate Wi-Fi network, is there a plan to ensure those devices don’t have any viruses, are appropriately patched and are running the latest versions of key software? This critical step is easy to overlook in the excitement and chaos of returning to the office. Staggering re-entry and running these checks as a pre-requisite to return can reduce the risk of someone bringing back any unwelcome stowaways. Using a “quarantine” LAN for these devices until they’re fully checked out is one route to ensure everything is up to snuff.

Inspecting and updating “abandoned” devices – Many devices may have been gathering dust in the office the past 16 month–especially printers!–and could use a review and refresh of their own. Patches, OS updates, virus scans and the like should be a priority before they get booted up on the network.

Password updates – Businesses should always be requiring regular password updates, but re-entry is the perfect opportunity to force everyone to do so. All systems should be reset to a “zero trust” state with two-factor authentication used whenever possible to regain access.

Physical security on-site – It’s a good opportunity to review who has access to which spaces in the office before everyone floods back in. Are servers locked away to prevent direct physical access? Have keycard permissions been checked to ensure former employees or non-essential workers can’t get into places they shouldn’t?

Physical security at home – When everyone was locked down, few remote workers were entertaining houseguests in their home office. But the return to normalcy also means much more foot traffic in spaces that have been used for months as workspaces. Employees should be trained (and reminded) to keep physical documents secure and devices with work access locked when others are about. Time to take that sticky note with all your passwords off your monitor!

Staff turnover – Every business has employees coming and going over time, and the job market hasn’t stood still during the pandemic. New workers will need a lot of training on security protocols and best practices, while former employees must be prevented from physically or digitally accessing things. Is a new hire orientation that includes security part of the re-entry plans?

BCDR – Business continuity solutions may need a refresh or some tweaking as employees return, as well. Are the right devices and systems being backed up in this new environment? Can the BCDR solution handle a hybrid environment?

Compliance and PII review – Things may have been a little fast and loose during the pandemic as business struggled to maintain their level of service during a major disruption. With employees returning to the office, it’s a good time to make sure that the way in which personal information is being handled still meets regulatory compliance standards. Are policies accurate and enforced, and is old data being cleaned up from places it shouldn’t be?

Network capacity planning – Things have changed a lot since March 2020. Many businesses are relying on the cloud more than ever, and not all employees may be in the office at the same time. This could easily put a strain on bandwidth limits that were adequate pre-pandemic. Do you have enough pipe to support the new normal?

Ensuring equal opportunities – In a hybrid environment, remote workers should be able to do pretty much anything on-site employees can do … other than use the coffee maker. Is bandwidth and access sufficient so remote workers aren’t penalized or prevented from doing their jobs? Are meeting rooms outfitted with the right audio and visual equipment so remote participants don’t feel left out yet don’t open any new security holes?

Traffic cop – During the early days of returning to work, it’s vital that MSPs are on the lookout for unexpected and unusual data traffic. This can be an early warning sign that viruses, malware, footholds or other entry points for bad actors have made an appearance along with returning workers. Do you have monitoring tools in place and know what to look for?

VPNs – If hybrid work is here to stay for your clients, then their VPNs must be up to the challenge. Do the right people have access? Are you using two-factor authentication and unique passwords? Can they handle the traffic?

Third-party partners – In today’s connected world, you’re only as secure as your weakest link–and that link might not be your own. Contractors, vendors and the like should also be fully vetted for an updated security profile. Do you know that your partners aren’t creating weaknesses that could be exploited by bad actors?