The office is airgapped: there is no connection between the building intranet (on which the work is done) and the internet. The only way for malware to get in is if somebody physically brings it through the front door.
*Deliberate sabotage (employees should be searched on entry and the penalty for bringing any data storage device across the perimeter should be severe).
*A malicious script embedded in an employee's personal device (these should be scrubbed to factory default on entry and be remote terminals for cloud computing done on the building's server, not independent computers with local data storage).
*Or malicious code embedded in data or software that the corporation has no choice but to bring across the boundary. (For instance- Dell-Gazprom puts malicious code on all their printers because they know that Northrop-Toshiba uses Dell-Gazprom printers; the printers hack any server they're connected to; an activation code is manually entered separately by a blackmailed saboteur.)
Deliberate sabotage (employees should be searched on entry and the penalty for bringing any data storage device across the perimeter should be severe).
A malicious script embedded in an employee's personal device (these should be scrubbed to factory default on entry and be remote terminals for cloud computing done on the building's server, not independent computers with local data storage).
Or malicious code embedded in data or software that the corporation has no choice but to bring across the boundary. (For instance- Dell-Gazprom puts malicious code on all their printers because they know that Northrop-Toshiba uses Dell-Gazprom printers; the printers hack any server they're connected to; an activation code is manually entered separately by a blackmailed saboteur.
The drawback of course is that remote work is impossible, so office space is needed.
