Coronavirus (COVID-19) has brought about unprecedented times. Let us help you maintain business as (sort of) usual.
COVID-19 has changed every aspect of our daily lives, including the way companies are doing business. One notable change is the shift to supporting a remote workforce, which brings with it a number of IT challenges.
Sadly, phishing attacks increase when a riveting news story grabs our attention. In fact, cybercriminals have already circulated weaponized versions of the original Johns Hopkins COVID-19 infection map to distribute malware and steal valuable credentials. This is a reminder that we are all vulnerable to insidious actors and must be vigilant, particularly as we urge employees to work from home if possible. That means it’s time to take a close look at your security posture.
The Realities of the Quickly Emerging Remote Workforce
For some organizations, a remote workforce is nothing new, and they have all the security and productivity measures in place to support teams from afar. But in the wake of COVID-19, businesses large and small are now scrambling to provision broader groups that not only aren’t used to working from home but may also not be equipped with the security tools required to protect your data.
The good news is that technology is available to support this changing work environment. Ten years ago, this would’ve been a disaster because the tools, culture, and processes simply weren’t ready for wide-scale rollout. That said, how do you approach this brave new world?
Phase 1: Testing the Setup
Many have been through this phase already or are scrambling to get through it. It may only take a few days. It’s all about having employees pressure-test their equipment and new arrangement to surface any issues and ensure they can truly do their jobs. From making sure they have seemingly basic elements like functioning laptops, login credentials, and decent Wi-Fi to trying out headsets and forwarding office phones, the devil is most certainly in the details.
Here are some things to consider:
- Do a little Wi-Fi trial and error. Encourage employees to try out their laptops in different areas of their homes to see where the Wi-Fi signal is strongest. Likewise, there may be bandwidth peaks during the day they’ll want to note and either schedule calls outside of those windows or perhaps not use video chat functionality to improve transmission quality. Once Wi-Fi is a go, ensure everyone understands how and when to use VPN to connect to the corporate network. Provide guidance on leveraging secure connections. All of this sounds elemental, but these items will make or break your ability to maintain business as (sort of) usual.
- Save work to shared drives. Make sure everyone knows how to save to the network to avoid the pain and stress of losing a document or project.
- Offer easy IT troubleshooting. If you can, set up a way for employees to get fast answers to their problems so they can keep moving on their initial setup. You might already have some sort of “Ask IT” mechanism, but you may also want something else that works during this unusual time to triage issues. Even if people initially feel some excitement about being able to work from home, there’s also the worry that they are on an island without their usual resources backing them up.
- Publicize IT tips and tricks. If you continue to get the same questions, publicize the responses. Send reminders about how to accomplish routine tasks remotely. IT and HR will likely want to team up as technology tools and the best ways to work from home from an overall productivity standpoint are intrinsically linked.
- Encourage communication. Teams that are used to face-to-face interaction will need to get creative and leverage their communication tools to stay in touch. Online chatting, texting, video conferencing, and good old-fashioned phone calls will enable everyone to feel they have a safety net that goes beyond simply getting the job done and supports morale. Remind people to send secure information via encrypted channels and to consider the corporate policy for using personal devices for work purposes.
- Aim for consistency. Try for consistent forms of communication to facilitate internal connections. Although it may make sense for the development team to use Slack and have Sales and Marketing on Microsoft Teams, enforcing standards will be important wherever possible to reduce the load on your IT team trying to support multiple applications.
Phase 2: Active Monitoring
After the initial testing phase, which could be fairly short if employees can ramp up quickly, it’s time to think through establishing a reliable new normal for your company in the early transition period. The fact is, we don’t know what we’re dealing with yet as far as timeline.
During this period, you’ll start to understand what’s not an immediate issue but will become one the longer the workforce is remote. For example, your accounting team may need to scan and print physical invoices to pay suppliers but lack the long-trusted mechanisms with which to accomplish this. Or perhaps you’ll have to rework how you approach the end of your fiscal quarter or year. Ultimately, phase two is when you really need to evaluate your IT approach to ensure effective security and automation measures are in place.
Here are some things to consider:
- Identify which services and components of your infrastructure are up for renewal in the short term to ensure you can continue with support.
- Double-check your process for remotely applying patches to employee workstations to protect data and equipment.
- Get complete visibility into network threat-related activities by employing advanced threat detection that can accurately identify and prioritize infected assets—remote or not.. This doesn’t require additional staff in most cases and is critical because an increased number of employees will be connecting to your network using VPN from remote devices.
- Use remote network monitoring to allow your IT staff to monitor your network with full visibility and mapping, from any corporate device. Particularly for those working from home, you can grant them the same ability to monitor, map, and manage network performance as if they were onsite.
- It is critical that staff continue to follow good data security practices. They may drop their guard due to their change in circumstances. Employ a secure managed file transfer solution to enable employees to send any size of file internally or externally with encryption and passwords as required.
- Evaluate your approach to network intrusion prevention and detection. Remember that your IT perimeter has changed as far as what you’re monitoring and protecting. If staff is using VPN’s, it has now moved to multiple endpoints in their homes. Rescan your environment to reset the security baseline and make sure your monitoring is up to speed across your environment. You can check out several options for intrusion prevention and detection here.
- Curb the impact of sophisticated phishing attacks with strong spam filters and antivirus software on staff laptops as well as server-level virus protection for Linux, AIX, and IBM i machines.
- At a time when your IT team is working remotely and under pressure you don’t want unnecessary service outages on key infrastructure. Manage system and server performance with capacity planning. Mitigate the risk of downtime across your organization by viewing performance in real time and be prepared for the future with predicting capabilities.
Phase 3: Sustaining Operations
The COVID-19 situation is changing daily, and we may need to plan for longer than we initially expected when it comes to supporting remote workers. Your goal with phase three is to get your arms around the what-if scenarios that aren’t readily apparent. This will help you create planning scenarios that will identify contingencies and reduce stress when you’re faced with curve balls.
Here are some things to consider:
- What happens if the supply chain dries up and there’s no replacement hardware for critical infrastructure that fails or becomes obsolete?
- Do you have any key infrastructure or services that are coming up to End of Support (EoS) or End of Life (EoL) in the next 12 months? Will you be able to find replacements? Will the supplier extend support during the crisis or are you willing to run the risk of maintaining the upkeep internally? As smaller vendors may struggle and ultimately fail over the long term, it’s critical to identify your dependencies on point solutions in particular.
- What happens if a large number of team members gets sick (or exposed) and can’t work? Do you have the tools in place to do more with fewer resources? In this situation, automating routine or tedious tasks wherever possible can help you get more done in less time. Workload automation solutions support IT teams in ramping up unified job scheduling, while robotic process automation tools employ preconfigured robots to handle many ongoing user-level tasks subject to human error. Also, advanced threat detection can help you monitor for infected devices without additional staff providing oversight.
We Will Persevere
Our global infrastructure is being tested like never before. While business continuity/disaster response protocols were strengthened post 9/11, this is a different time with different challenges. Luckily, you don’t have to be a tech titan to put the culture and capabilities in place to support your people during times of uncertainty and hardship.
As we humans are particularly resilient, we can adapt quickly. You may even find new working conditions offer unexpected benefits, such as service reps who try video chats with customers or accounting teams that start using electronic documents in place of paper versions.
Get in Touch
As always, Fortra is here for you. Please reach out, and we can discuss any support you would like from us as you set up your remote workforce and evaluate security and productivity along the way.