Security & Agility for a Remote Work Environment
The SARS-CoV-2 virus and incidence of COVID-19 might seem unpredictable on the surface, but health experts have been predicting a pandemic like this for years. While it may be a broader and more serious event than we have seen in our lifetimes, it’s predictable nonetheless. The biggest difference is other large-scale pandemics occurred before the age of the internet and connectivity. The idea of working remotely was not a consideration for many businesses. When creating your company’s business continuity plan, you likely considered the possibility of a limited need for remote work for key roles, but probably not for many others—let alone your entire workforce. In addition, many who did consider this need probably did not foresee it becoming necessary for an extended time period. This need for a remote workforce caught many companies off guard and unprepared. Many cities and states are now under lockdown with office buildings closed. Here are nine items to consider now that will help you update your business continuity plan for the next event.
- Equipment for remote work – Do you have enough equipment procured or a method of procurement to meet your needs should your workforce be displaced for a period? Lead times are often unpredictable once an incident occurs. Plans to have procurement options or inventory in place will be critical.
- Remote access and capacity – How will you allow employees to access data? Is a virtual private network (VPN) the preferred method, or a remote desktop? Does one option fit your needs more than the other? Have you performed a stress test to identify bottlenecks or limitations within these channels? Test now, and periodically, under current conditions for future needs. Using a VPN may be ideal for simply accessing company data. However, depending on the VPN, it may be too slow, causing a major bottleneck. A file-sharing solution like Microsoft Office 365’s OneDrive may be a better fit, as it allows local file synchronization as well as optional offline file storage on the local machine.
- Device security – Considerations must be made to secure equipment used for working remotely. Laptops must never be left unattended in vehicles. Endpoint protection, local drive encryption and multifactor authentication should all be considered to protect the data stored on the device. A usage policy should be approved by management and reviewed periodically to help ensure the company’s needs are being met. Additional expenses may be required for licensing for VPN licenses, encryption and endpoint security.
- Phone systems – How will you communicate with employees during this period? Some companies issue cellphones to employees upon hiring, although many do not. Team members should exchange their cellphone numbers and establish reasonable limits on if and/or when it is appropriate to contact other employees during nonbusiness hours. If your company uses a service like Skype, Zoom, GoToMeeting or Webex, reaching your employees may not be a problem unless the employee has low bandwidth at home or, worse, no internet at all.
- Bring your own device (BYOD) – If your organization wants to expand the use of employee cellphones to include company data, especially email, careful consideration must be made regarding how that data will be protected. Like laptops, cellphones are often lost or stolen. Some smartphones can be encrypted. Your Outlook server can allow for smartphones to retrieve email; however, you may want to consider purchasing an enterprise application that manages company data stored on smartphones. This type of application creates an ecosystem within the smartphone that separates personal data from company data and encrypts the data within the app itself so the rest of the phone is unaffected. In addition, you also should prohibit employees from jailbreaking/rooting the device and ensure the device can be remote wiped in the event it is lost or stolen.
- Confidentiality – The confidentiality of client or company information must be carefully considered when working remotely, especially if employees are not working at home. Phones should have screen lock policies and be protected by a PIN or password. Remind employees to be mindful of what others can see or hear when in public. Employees working from home also should determine who has access to their workspace and establish ways to protect sensitive information.
- Remote workspaces – It may be best to avoid cafés, coffee shops, bookstores, etc., during this time. Employees may seek out these locations if their home is not conducive for work tasks. However, public internet hotspots may be monitored by criminals and you may not have the appropriate privacy, thus the use of VPNs in public should be considered.
- People – Always identify who is deemed essential and what is required of those individuals beforehand. Get their buy-in and confirm it with them before you need it to avoid confusion during a crisis.
- Travel – Travel restrictions for conferences, meetings, retreats and even some planned work-related business trips should be considered in the early stages of a pandemic and before social distancing expectations and mandates occur. Determine the best method of performing work or attending meetings remotely, and plan to have the proper equipment and services to help reduce frustration during the transition. Services such as Zoom, GoToMeeting, Skype or other video and audio conference call options can help operations continue as smoothly as possible.
As with most topics related to COVID-19, changes are being made rapidly. Please note that this information is current as of the date of publication.
For more information, reach out to your BKD Trusted Advisor™ or use the Contact Us form below.