Scott Taylor, Group Chief Information Security Officer of DropJaw portfolio company Connectus Business Solutions, offers some useful advice to companies faced with the challenge of business continuity during the Covid-19 coronavirus pandemic.
This week, British Prime Minister Boris Johnson recommended all UK companies that can send their staff home to work should do so in order to minimise the economic effects of the Covid-19 coronavirus and help restrict transmission of the virus.
So how does a company approach such a potentially jarring change to the way they do business? Here at Connectus, we have many years of creating effective distributed networks for remote teams, so we’re offering a few points to consider; contact us today if you’d like to know more about any of the issues raised.
First of all, don’t panic! Take sensible precautions with an eye on the future – Covid-19 may be an immediate challenge, but its effects will be felt for a long time to come, so poorly-planned responses could simply create additional concerns and issues further down the line.
Take this as an opportunity to rework your entire organisation’s approach to successful and secure remote working.
You will probably have already considered the most pressing immediate issue: is home working for staff actually constructive or viable for your company or organisation? Retail companies and those that rely heavily on warehouse-, factory-, or depot-based operations may find the answer is, sadly, ‘no’.
However, for office staff who work at a desk, working from home is a perfectly viable way to keep your business operational in such challenging times.
But companies and staff alike will have to fundamentally rethink their approach to what will become normal day-to-day work. And once the Covid-19 challenge has passed, many employees will push for the option to continue working remotely.
Remote working does not, however, suit all people, so few companies can expect to transform into a fully remote operation in 2020. The fact remains, however, that the office or workspace as we know it is about to change.
Some security considerations:
- Don’t just open up your network for remote access – never allow direct remote access to files, devices or systems from the internet for anyone.
- Always place some kind of security boundary around the office network and only allow trusted, secure connections in from the outside. This could be via a Virtual Private Network (VPN) or a zero-trust solution, which assumes every connection is through some hostile network and secures all communication.
- If you have a VPN on your firewall, use this as it will be more robust than a solution which operates on a computer inside the network. If you are unsure, contact your IT service provider (or contact us here at Connectus to learn more).
- If you don’t have a VPN, can you use remote access software like LogMeIn, Take Control or Team Viewer, which will allow staff to access their desktop computers on the company network without having to open a hole in the firewall? If so, do.
- Make sure your staff understand the risks and responsibility of working away from the office; now is the time for your HR department to draw up the communications protocols and paperwork you’ll rely on for years to come.
- Ensure you have appropriate staff contracts in place to cover data protection and legal responsibilities.
- Your boundary with the internet will change and no longer be just your office or workplace – it will include every remote worker who can access your systems.
If you use Office365 or Google Docs:
- Insist staff use web applications on their own devices and do no install software without clear guidance from your IT department. This will allow the business to retain control of its data.
- Criminals are constantly on the lookout for open networks and systems – don’t make it easy for them.
- The current situation shouldn’t lead to a technology free-for-all as this will expose your business to bad actors – be responsible and seek advice if in doubt.
If staff are taking work devices away from your premises, ensure that:
- You have appropriate insurance cover.
- All your protection systems remain effective when used away from your premises and regular network.
- Your IT support can still access the devices.
- Your staff accept responsibility for the safe usage and storage of the equipment.
Finally, also consider that if remote work becomes a long-term requirement, as an employer you will have responsibility for ensuring the adequate working conditions of staff who work from home, including suitable desks, seats and display equipment.
This will also include consideration of remote management of staff devices, improved IT management and audits to know where your organisation’s data is for compliance with the Data Protection Act.Return to Latest News