COVID-19 is putting us all in a position of setting up remote workers even if it’s not been the norm. Things are moving fast, and that means we have to do the best we can with what we have while still ensuring data is secure.

We’ve written several pieces about COVID-19, like how to protect against phishing attacks and the ripple effects of the virus as businesses move to work-from-home models.

As you set up work-from-home protocols, understand things will be missed—this is, after all, new territory. You may not have operations plans firmly in place right now, but you can certainly work with what you’ve got and create as you go along. The goal is to be up and functional.

Here’s a checklist to keep in mind as you move employees from the office to home.

 

  1. Pivot in real-time for BCP updates. You may find your initial efforts to prepare employees to work remotely missed some things. Add those items to your business continuity plan as they arise and include those adjustments in your daily contact (emails, scrums, etc.) with employees. If training is needed, set up a video conference or a quick training tutorial.
  2. Enable authentication. In the rush to get people working remotely, two-factor authentication (2FA) can be lost in the shuffle. Enable it, train users how to use it, and only allow access to data via 2FA.
  3. Tighten up system deployment. Ad hoc resources may not be configured securely. If you’re providing company-owned devices to employees (and you should be if possible), make sure they’re configured with the latest patches and updates. Communicate how you’ll continue to roll out those updates so remote workers know where to find the updates and which ones to trust.
  4. Inspect for Internet exposures & accidental administration errors. Monitor remote devices and do daily (or hourly) scans to catch any exposed systems, ports, or protocols.
  5. Educate your people. We’ve given you some solid information on how to educate users about what they can and cannot do with devices from home. One thing you and your employees may not consider because it’s so simple it’s overlooked: don’t allow family members to use your laptop (or other devices). Whether it’s for homework or gaming or YouTube, devices used for company work should never be used by anyone but the employee.
  6. Implement new support escalation paths for work-from-home. Walk yourself through your day-to-day rituals and make notes. What are you and your employees doing without even thinking about it? Downloading files. Updating information. Those things and everything in between should have a mirrored plan for remote working. If there are issues, the order of priority should be self-aid, buddy-aid, and first aid. Self-aid allows the employee to use the training they have to fix the problem(s) that come up. Buddy-aid is having another employee they can call (rather than the help desk) to work through and solve the issue. First aid would be the final line of attack—contacting the support team to fix the problem and ensure it doesn’t happen again.
  7. Review device inventories regularly. Examine everyone and their devices if it’s their first time working remotely. Conduct log and access reviews, as well as entitlement reviews for people using home systems instead of company-owned systems.
See also  An RIA Guide to Deciphering Managed IT, Cybersecurity Operations, and Cyber Governance

 

In Conclusion

When telecommuting is new to you, the issues that come with it are also new. Everyone is playing catch up. If you didn’t have a contingency plan in place for remote work, do your best to create it as you move forward. Don’t impede progress just because something isn’t written down. However, keep track of what you’re doing as you do it, what’s working and what’s not, and new issues that arise. Keep adding to your work-from-home operations plans and continue training employees on how to successfully work from home.  When in doubt, contact us if you have questions or concerns.  We’re here to help.

Learn More