Working from Home Strategies: COVID-19 and Disaster Preparedness
We are all feeling the increasing concern of COVID-19 for our families, our neighbors, our communities, and for ourselves. Businesses have an important role to play and are looking for ways to protect the health of their employees while at the same time maintaining operations.
The CDC Interim Guidance for Business and Employers recommends: “All employers need to consider how best to decrease the spread of acute respiratory illness and lower the impact of COVID-19 in their workplace in the event of an outbreak in the US. They should identify and communicate their objectives, which may include one or more of the following: (a) reducing transmission among staff, (b) protecting people who are at higher risk for adverse health complications, (c) maintaining business operations, and (d) minimizing adverse effects on other entities in their supply chains.”
Establishing an effective remote working environment now will help to protect your employees while maintaining business operations even under conditions that suggest or even mandate social distancing. The CDC Interim Guidance linked above provides an excellent general road map on how to prepare your business. In this article, we will provide you with some specifics and best practices to consider as we are faced with minimizing personal contact and working from home.
Cybersecurity
Don’t let the urgency of the situation drive you to take any shortcuts with regard to the security of your business. Allowing remote access should not weaken your perimeter; it should expand it.
Secure Remote Access
Remote access to company data and resources must be controlled and secured. A Virtual Private Network (VPN) is critical when establishing remote connections to a business network. A correctly configured VPN ensures only authorized users and devices are granted access and all communications are encrypted. Encrypted transmission of data protects your business information from bad actors who may be scanning for open access to private information. A VPN can also provide a level of multi-factor authentication to further safeguard access to business data.
As always, but especially when your team is working remotely, you want to provide them with access to the data and tools they need to perform their responsibilities, but no more. Be sure a good Minimum Access Policy guides your Remote Access Policy.
Device Security
Whether you are providing your employees with devices for working remotely or allowing employees to use their personal devices to connect, you must implement safeguards to ensure the devices themselves are secured to protect your business. Needless to say, all device access needs to require login credentials. This goes for home computers as well. Our preference is to NOT store any business data on devices but to access data on remote resources. If there is a requirement to store data on end user machines, the devices must employ encryption to safeguard data when the devices are lost or fall into the wrong hands. When a bad agent can’t access a device with a username and password, they can remove the hard drive, bypass access credentials and lift data directly from the drive. Encrypted hard drives are unreadable without the encryption keys even when they are removed from the devices, rendering any information stored on the device useless.
Conditional Access
When you allow employees to connect remotely, it is important that the conditions surrounding their devices and internet connectivity are taken into account. A connecting device should:
use a private network connection
run updated software
be free of and protected from malware and computer viruses
Only when the required conditions are met should a remote user and their device be allowed to connect to a business network.
Only approved and authorized devices should be allowed to connect. It is important to have visibility and control across the network to be able to detect unprotected devices and unauthorized access. Employees must NOT be allowed to come up with their own solutions or to use third-party remote access solutions like LogMeIn.
Phishing
As employees work from home, there is a greater reliance on email to communicate and therefore a greater risk that the veracity of electronic communications goes unverified. When working from home, employees need to exercise increased vigilance. Train your team to be phishing aware. Establish clear procedures and guidelines for any transactions or communications that have financial implications. Use H2FA as a matter of course. Encourage your team to pick up the phone and speak with each other.
Collaboration
Once the security measures are in place, you want to give your team the best set of tools to collaborate and to work with optimal efficiency and ease. When you are able to give your employees secured remote access to their office desktops or if you are already using a Private Cloud solution, the work environment will be very similar to the current office experience. There are a number of excellent options that can either supplant the need for remote access to a company network or that can improve the experience. The important thing is to define the solutions and the working parameters for your business. Give the tools to your employees; don’t leave them on their own to come up with their own ways of working.
Cloud Solutions: O365, Private Cloud, G-Suite
If your business already has a Private Cloud or is already using Office 365 for business operations, you’ll be able to securely work and collaborate with your team from anywhere.
Real Time Chat
Implement a unified real time chat solution like Microsoft Teams. A chat solution allows for both private and group communication channels. A secured channel is a good alternative to phone calls and increases the velocity of communications while maintaining acceptable levels of security. More public solutions like Slack are even acceptable. Again, define how you want your team to work.
Video
Use video conferencing. This is a great way to keep your team connected and feeling in touch with one another. Most computers have built-in cameras and cloud solutions like Microsoft Office have video conferencing features like Teams baked in.
VoIP
If you have a VoIP system, you may have options for employees to bring their phones home with them or to route their calls to their personal phones. Business communications rely heavily on the telephone. Your work from home strategy needs to address your employees’ telephone access and communications.
Communicate
Get out in front of your remote working strategies and communicate with your team every step of the way. If you don’t have a plan yet, start now and let them know you are planning; they are sure to be anxious. Be clear about your plans by writing policies and making them readily available to your team. Provide open channels for communication. Incorporate feedback. Provide direction for your team so they know where to turn, how to escalate and what to expect in different types of scenarios. Working remotely requires greater vigilance and employee participation and responsibility. Help your employees to understand and prepare for the additional security challenges that come with working remotely. Give your team the information and tools to empower them to be part of the solution.