If we’ve said it once, we’ve said it, well, a lot: Working from home is the new normal. Unfortunately, there’s more to the shift than just hardware and connectivity issues.
1. NDA & Client Confidentiality
In the alternative investment industry and just about every other, we operate under strict NDAs. If you’re talking to a client in the office, and someone else is in the room, they’re also covered by the NDA. They understand the information conveyed is being shared in confidence. Or you may choose to go into an office and close the door for the discussion.
But what happens when you’re at home and are talking with clients about sensitive information? Employees should understand the importance of privileged information. Even in close quarters, they should know the expectation is that they will have a dedicated, private workspace.
2. Shared Computers
We’re used to thinking everyone has their own computer or device—you, your significant other, each child, etc. But that may not always be the case—maybe someone’s device is dead, or not everyone has a device, or kids think, “Hey, cool! New laptop!”
Employees should treat their company-issued laptop (or their personal laptop if they’re using it for company business) as proprietary. No family or friends should have access to the computer—it should be a secure space.
Remind employees to lock the laptop (change the password if necessary) when not in use, so no one picks it up for browsing, watching movies, gaming, whatever the case may be.
3. Shared Networks = Zero Trust
Switching to a sudden work-from-home policy, as most firms have, creates an argument for zero trust. Zero trust is when you must consider every network hostile (i.e., unsecured or a threat). Zero trust is about recognition and admission that attackers breach networks like firewalls.
There are three things you must protect in a zero-trust environment:
When your firm’s network typically hosts 300-400 people remotely but then is strained with thousands of remote workers, you’re very likely going to run into problems. So, what do you do? You change your focus from protecting what passes for trust boundaries (i.e., regulating the network) to safeguarding the endpoints.
Just because your employee is behind a firewall doesn’t mean that the network is safe. Home networks aren’t corporate-managed networks; you must assume home networks are only as secure as the public internet.
So, what can you do to remedy this situation? Make sure laptops have endpoint protection (EPP) by the firm. Create a castle and moat architecture that creates a trusted zone inside the home network. This network should be more trusted than any outside network.
It’s important to remember that not everyone has reliable electricity at home (some older buildings in New York, for example). Your firm has line conditioners in power systems, homes do not. Encourage employees to get UPS or a line conditioner if they can. A power strip isn’t going to prevent suppression or protect hardwire from spikes.
Home networks don’t have redundancy in their cable Wi-Fi. Users at home are more prone to Wi-Fi going out, and it will be hard to get providers out to fix issues, so they should be prepared to tether off their phones.
6. Strain on Network
The network you use at home is the same one the whole neighborhood uses. In the past, you may have noticed a strain on the network on weekends as more people were home and online. Now that more people are at home working during the week, that network is strained more consistently. This can cause problems with video-conferencing—it’s not that Zoom is overloaded, it’s that the network is.
7. Computer Hygiene
Any time you have a device at home—whether it’s company-issues or personal property—there is the chance of a mishap. People use their tables as a makeshift desk. They eat and drink there. It’s a solid possibility that something is going to get spilled or something is going to happen to a keyboard. And during a quarantine, getting a new keyboard will be next to impossible. CTOs should be prepared for these kinds of mishaps and plan accordingly.
When the COVID-19 threat emerged, people bought toilet paper so they could feel like they had some control over an uncontrollable situation. Then they turned to rice, beans, and pasta—forgetting, perhaps, about the need for protein in their haste to gather up nonperishables. They weren’t thinking too far into the future.
The same is true with working from home. People think, “I’ve got a computer. I’ve got internet. I’m good.” But they’ve prepped poorly by not considering the little things we mention here. (What about running out of printer paper?) No one plans for the internet to go out. No one thinks they’ll spill something on their computer and render it unusable. But we should. CTOs should. And we can help. Contact us if you need a partner throughout this critical time.