The first in our new series What Now? Not What's Next to help you address immediate IT challenges in delivering mainstream business capability
Many organisations had limited time to design their home working solution before quickly rolling it out to hundreds of employees. They rose to the challenge, and the results have been innovative and on the whole extremely effective. Fortunately, it’s simpler than ever to work remotely, whatever IT systems and applications you need to access.
However, what might have initially been viewed as a quick fix to last until Easter will now have to stay in place for several more weeks or even months. To ensure your current arrangements see your business through, it’s important to keep reviewing how things are working to manage risk, ensure data remains secure and keep staff engaged. Here are our tips on fine tuning home working to ensure you and your business are in the best possible position to hit the ground running when normal work patterns resume.
1. Risk management
Assessing risk starts with an understanding of what assets are being used by which people and what applications they are accessing. This enables you to work out what and where your major risks are, from financial information to intellectual property to PII, so that you can focus on protecting your most critical assets first. Those who handle the most secure information should be top of your list to receive advice about good practice in working from home. You can then cascade this information down through the rest of the organisation, focusing on level of risk.
Doing this successfully means explaining to users which security is important and providing them with the tools they need to do their job in unusual circumstances. They are much more likely to comply if they understand the risks rather than seeing security as a set of annoying rules which prevent them working effectively. For example, if you don’t provide them with a secure video meeting application, or advise them which one to use and how to do so, they will simply turn to whatever they find easiest.
Shadow IT is a continued risk, but never more so than when users feel isolated and that they have to work things out for themselves. Instead, encourage them to come to you for advice, while ensuring that they are clear on how they should be working. Remember aspects that may be obvious to you but not to someone who’s usually office based. For example, have they implemented a password to secure their home Wi-Fi network?
An effective software update and patching regime is also vital. Microsoft Endpoint Manager will enable you to secure, manage and monitor corporately owned and user devices, and may already be included in your existing licences if you haven’t implemented it already. If you can’t roll updates out centrally, particularly where people are using their own devices, you need to communicate with staff and explain how to do this on whatever endpoint device they are using.
2. Securing data
A number of organisations used existing or procured additional laptops, transferring applications and solutions to them. However, where laptops were unavailable, many people had to take their desktop computer home, equipped with the applications they needed. While this, in data security terms, generally works well when on a private network connection inside an office, using these desktops from outside an office environment needs additional security for both devices and data.
The normal shared areas on file servers, allocated by drive letters, are now more difficult to access as the login process assumes that the machine is inside the network. To mitigate this, users are likely to store things locally or, worse, on their cloud! (whichever is the easiest solution). This changes the dynamics of data security, with backups potentially not covering local drives and vital information being available outside the organisation. So the devices need to be secured with better/stronger passwords all round (including the home Wi-Fi connection) and physical device encryption (e.g. BitLocker) becomes essential. The connection to the central office also needs encryption, ideally by adding Multi-Factor Authentication (MFA) to the Virtual Private Network (VPN).
Cloud storage can be implemented simply and quickly to ensure data is stored in a controllable manner. Microsoft 365 and Office 365 may be easiest for businesses already using Microsoft products (as explained in a previous blog), but other options are available from Google and AWS. If you are running Skype for business you can upgrade your tenant automatically. Microsoft is currently offering a free six-month trial of Office 365 E1 and Teams, including full meetings, collaboration and workflow capabilities. However, getting the actual data from on-premises to cloud is not as simple as it seems and may need other tools from vendors to make it seamless to the user (e.g. Quest’s Migration Manager toolset).
MFA solutions are available from multiple vendors. They are not that complex to implement, but rolling them out to an already “mobile” workforce, needs careful planning. The biggest issue is the capabilities of the potential users. You may understand the technology and terminology, but they probably do not, plus the second source/factor (e.g. mobile phone) may not be the property of the organisation, so you will need a clear policy on how to address this.
You could also consider Desktop as a Service, which enables users to access their desktop and common applications using a web browser and enables data to be stored and backed up centrally. This can be implemented within a week.
3. Using a shared home computer
Another issue to consider is security for people who are using their own computer. To tackle this you will need to implement some form of mobile device management such as Microsoft Endpoint Manager, as previously mentioned earlier. However, it is important to ensure that whatever you implement is acceptable to users and does not violate personal privacy laws.
You also need to provide specific advice for people who may be sharing their computer with other members of their household. This could include closing work applications when leaving their desk and password protecting sensitive documents (although of course this requires them to remember the password).
DaaS is especially relevant for shared or non-business owned access as it solves the security and data access issues in a single stroke.
4. Keep staff engaged
Finally, consider the impact that working from home will have on everyone in your organisation, Even those who regularly work from home will be under strain from the current circumstances, and if people experience issues with their IT they will be a deterioration of effort and goodwill. It is vital to keep staff informed of everything from changes to how IT is operating to avoiding the raft of coronavirus related scams and ensure that they come to you with any issues that arise.
One of the best tips I’ve seen for coping with the change from normal social interaction to being cooped up at home came from an ex-submariner, who said the biggest requirement for working in close proximity to people with minimal physical space was conflict resolution. For IT teams, just having informal chats with people to see how they’re getting on seems to work well, rather than leaving them to sit there on their own.
For more practical guidance sign up for our webinar:
30th April 2020 10:00 - 10:30 BST