As society confronts a major pandemic, COVID-19 is impacting nearly all people around the world. Schools are closed, travel is restricted, flights are cancelled and offices emptied - all with the goal of stemming the spread of COVID-19. The CDC has even suggested employers establish policies that allow their employees to work remotely to promote social distancing.
Heeding the call, businesses have rapidly mobilized to meet the threat, and as a result, more people today are working from their homes than at any time in modern history. For many businesses, this "work-from-home" experiment launches them into unfamiliar territory.
Here are some strategies for maintaining business continuity during these unprecedented times.
1. Inventory and Assess Your Company's Remote Work Capabilities
While 92% of businesses offer remote work, the opportunity has not been afforded to all employees equally. For many companies, this shift to remote working happened almost overnight, leaving little time for adequate planning. Now is the time to audit and assess the new network access your company needs and consider the security implications. Managed Security Services Providers (MSSPs) are experts in security assessment, and can help midsize businesses quickly come up to speed and get their users what they need.
For network nomads, who are always on the go, chances are they have the resources they need for the long haul. For the folks who haven't worked from home as much, it is helpful to take an inventory of all the data and applications they may access regularly. From there, you can map out what needs to be accessed, who needs access, and how best to provide that access. Work with department heads to understand the unique needs of their team and make sure their team members are set up for success.
Here's a checklist of things to consider:
- Does the employee have a sanctioned device or do you need to acquire more phones/laptops?
- Do you have enough VPN licenses to issue to all that need them, or do you need to acquire more?
- Does the employee have sufficient Internet access to perform their job?
- What systems does the employee require to do their job?
- Does the employee require secure access to sensitive systems and data?
- What Cloud applications does the employee use on a regular basis?
- Is the employee set up to use multi-factor authentication?
2. Set and Communicate Expectations for Remote Work
As many of your employees are likely working from home for the first time, now is a great time to reach out to your team to outline your company's work from home policy to set expectations for employees working remotely. Some 24% of businesses haven't updated their work from home policy in over a year, so use this as an opportunity to do so. A simple email, or conference call with your team, can go a long way.
Some things you may want to address:
Availability - What hours do you expect your team to work? When are you making yourself available?
Responsiveness - Are remote workers expected to respond immediately? If so, how will those expectations be communicated? For example, will truly urgent requests only be made via phone?
Platforms - Remind your employees which tools and platforms they should be using, including the Cloud storage platforms, communications/video conferencing tools, project management tools, etc. Encourage your team to avoid all other non-sanctioned platforms.
Devices - If your team has company-issued devices, remind them of any policies you have established around their use. If they are using their own personal devices for work, now is a good time to provide guidance on which devices are appropriate to use and how employees are to conduct business on those devices.
Incident Reporting - Where should an employee go if they feel like the company's information may have been compromised? Who should they report the breach to, and what steps should they take to minimize the fallout?
3. Foster a Culture of Cybersecurity
Most business leaders understand that the culture of a workplace is an important part of what drives its success or failure. They must also come to understand that the same dynamics exist in cybersecurity. As your employees are under threat from targeted attacks, in some instances, impersonating members of your team, corporate culture often ends up being the difference between intercepting the attack or infecting your entire network.
Hackers use techniques to manipulate and influence your users into taking the action they want, using authority and urgency as a weapon. As a leader, you should encourage open channels of communication, so when an employee, even at the lowest levels of an organization, sees something they believe is a threat they feel empowered that their concern will be taken seriously.
4. Implement Multi-Factor Authentication
As companies grapple with having the predominance of their workforce working remotely, securing access to internal tools presents a major challenge. At the same time, hackers are increasingly targeting credentials, placing your users' account information directly in their cross hairs. For this reason, we recommend deploying multi-factor authentication (MFA) to all of your users, so they are fully authenticated every time they connect to your network.
Multi-factor authentication also allows you secure access to Cloud applications and environments that remote workers might access directly from the Internet, adding an additional layer of protection at a time when businesses are most vulnerable.
What to look for in an MFA solution:
Cloud delivered. Unlike MFA that requires a hardware token, Cloud-based solutions make it possible for a user to download an application.
Application coverage. Your solution should integrate to protect all of the critical applications your employees may need.
Simplicity. The solution should be intuitive for users of varying technical ability.
Multiple authentication methods. Support for multiple online and offline authentication options ensures authorized users can access what they need, when they need it.
Supports multiple tokens. MFA is now commonly offered by social media sites, banks, retailers and more. Look for a solution that allows you to consolidate tokens to a simple MFA application to streamline access for your users.
5. Extend VPN Access to Priority Users
Secure connectivity to corporate headquarters and critical applications is essential if your employees are going to maintain productivity as they work remotely. Virtual Private Networks (VPNs) add a layer of security to private and public networks, allowing individuals and organizations to send and receive data safely over the Internet.
As VPN usage balloons, here are some tips to help you manage your usage and avoid disruption:
Prioritize VPN for high risk users first. Some employees will require greater access than others and still others may not need VPN access at all. Understanding who needs access, to what, and making VPN available based on priority will help avoid overburdening the network.
Use a firewall in the Cloud to keep up with demand. The spike in demand for VPN services doesn't mean you have to clear space in the server room. Cloud-hosted firewalls can help to load balance VPN traffic destined for your HQ and scale to accommodate the connections your company requires.
Require MFA. Without MFA a single set of VPN credentials could give an attacker full access to your network. Users connecting using a VPN should be fully authenticated using a minimum of two factors.
Issue a tabletop firewall. A tabletop firewall deployed in a user's home office can provide full UTM (unified threat management) protection without burdening your corporate VPN.
Simply put, there are things you can't predict. Business leaders know there will be bumps on the road and unplanned events along the way. So, what can you do to protect your business future? A preparedness plan does not promise perfection, but it can give you the tools to securely navigate challenges and provide necessary resources to ensure operational continuity.
Any situation that forces you to adapt quickly to unexpected changes is the ultimate proof of how important is is to truly understand your organization and what it needs. Why? Because it shows your employees, customers, and stakeholders that your company can thrive even during unprecedented events.
As a full suite IT and cybersecurity firm, Restech can help with your business continuity and security needs. Contact us to learn more.