COVID-19, or the Corona Virus, has taken the world by storm.
Nationwide, businesses are implementing work-from-home policies. Thus, for most businesses, managing an entirely remote workforce is uncharted territory, which means they don't have processes, policies and the technology that enables their employees to work from home safely and securely.
How can businesses ensure employees have everything they need to work from home? Printers? Laptops? Desktops? VPNs?
Preparing for an Outbreak and a Remote Work Environment
We recommend all clients start planning how they will conduct business if a significant portion of their staff were to become ill or now that a state of emergency has been declared. Some of the precautions you can take now are similar to a large winter storm:
- Can your core services be handled remotely (such as payroll, Accounts Payable and Accounts Receivable)?
- Take a few moments and ask each department head what key services and technologies they rely on day-to-day
- Do key staff have a laptop or mobile device they can use at home?
- Do you need to access resources on your work network when you are home?
- If so, do you have secure remote access, like a VPN?
- Do you have enough remote access licenses for all key staff to connect to your network?
- Can your firewall and Internet connection handle the increased load?
For staff that works with a large amount of paper documents:
- Are there any large reports you need to print now in case you cannot get to the office?
- If you have printing needs, do your key staff have printers at home?
- Do they have toner for those printers? Paper?
- What other supplies are critical?
Policies and Communication
- Review any contingency policies you have now, such as a preparedness or a disaster recovery plan, update them, and communicate to your team
- Develop a communication plan or notification to effectively convey important news and instructions to employees and customers, along with establishing communication channels for questions to be asked and addressed
- Assess the preparedness of critical third-party service providers and suppliers
When working from home, all security precautions that are taken in the office, need to be taken at home as well. If possible, provide employees with company-owned and managed devices. If personal devices must be used, extra precautions need to be taken to ensure organizational resources stay secure. Organizations need to prepare themselves and their employees for the increased cyber security risks such a shift can bring.
It’s important to note that just because employees won’t be working from the office doesn’t mean they won’t travel or work in public places. When doing so, employees are exposing themselves to a greater risk of losing their laptops and all the data that resides locally.
- Ensure all devices that support it use full disk encryption. If a machine is lost, the data on the device should not be accessible to thieves.
- Implement password management for laptop access. All accounts on the device should require unique login credentials with strong passwords.
- Remind employees to log out whenever the system is not in use, even at home.
Access to Company Networks
When accessing corporate networks remotely, there is a higher risk of unauthorized access and data leakage. Employees may engage in behavior they wouldn’t do at the office, such as sharing a device with other family members or using the same device for both personal and work activities. In addition, the use of Home Internet Connections and public wireless services present an attack surface that is outside of your IT or security team’s control.
- Use a VPN to connect remote workers to enterprise networks and servers. A virtual private network provides a direct connection as if the remote device were connected to the organization’s local network.
- Implement a Two Factor Authentication (2FA) or Multi Factor Authentication (MFA) mechanism for logging in to the company network. Short-time code generators like Google and Microsoft Authenticator should be in use wherever possible to minimize the risk of compromise through credential theft or phishing.
- Remind staff that a laptop used at home is still company property and should only be used by authorized personnel for company business. Any non-work-related activity should be conducted on the employee’s own devices.
The challenge presented by the ongoing COVID-19 outbreak is that your organization is most likely going to have to support a rapid, large-scale shift to remote work, involving employees who are typically office-based and not accustomed to the different demands that working from home can bring. When routines get upset, security is often an early casualty. Make sure your employees understand and are prepared for the additional security challenges of remote work if they are requested or required to work from home during the current health emergency.
Contact your MSP to make sure your company is prepared. Still have more questions? We are here to help. Contact us today.