20 March 2020
Initial Guidelines to Remote Working
There’s been much written already about how to manage the human factors of a remote workforce. Everyone has an opinion about the best practices for dealing with changes to productivity, communication and the possible impact of loneliness, not to mention the health and safety concerns of the home office. People can look after themselves, but for the IT manager, enabling the systems in a compressed time-frame is a real challenge.
There is little quality advice on how to quickly mobilize your office-based workforce to work from home from an IT Management perspective. You need to be creative, leave no stone unturned and be prepared for some risk mitigation. Here are some steps you can help guide you through this process.
The process is simple and can be summarised as:
- Ensure business continuity through remote working.
- Manage the associated risks to security, in particular data loss, unauthorised access and computer viruses.
- Manage the infrastructure to ensure highly available and reliable network services, the internet and network has never been more critical.
1. Your first decision. To BYOD or not BYOD (Bring Your Own Device).
In most industries, the sales staff are already set-up for remote access. These staff will already have computers specifically set-up for the job requirements and be capable of working from anywhere. It’s a matter of duplicating (and adjusting accordingly for each job role) what you have already in place for these staff specifically for others to use.
Then there’s everyone else who is not mobile capable using a desktop computer, 9 to 5. What do you do to get these people working from home? Ideally, your IT team or outsourced service provider can offer some help and support. But what if you don’t? What can you do in the short (and medium) term?
Let’s deal with the Short Term. It buys you time for the medium term, when you can make more informed decisions.
Let the staff use (in as many cases as possible) their BYOD home computer as:
- It’s an immediate solution.
- It is already set-up (and hopefully working).
- The user is already familiar with it.
- They will have the Internet.
- It may already have some access to cloud applications (so can do some work).
2. How much risk does unplanned BYOD bring to your environment?
Your office computers are likely to have a standard operating environment (SOE) so you will already know your minimum specs for the computers. You will know in detail your hardware and software versions, network settings, VPN and security details. They will be configured and locked down as appropriate for their purpose.
Using this bare minimum as your baseline you can use an audit tool (such as Open-Audit Enterprise or Open-Audit Cloud).
To ensure BYOD equipment is ready to connect to your network, you can audit these before providing access (or go back and audit them now). This way you can quickly see what you are dealing with and which computers will be more problematic than others and start to group them based on risk. Mitigate the threats understanding that these are uncharted territories, likely you will need to balance security risk with business continuity.
It is likely that some computers may require anti-virus to be installed to meet your minimum requirement. You can plan this as batch work. You may also decide to add in other O/S updates or applications at the same time to get you past the baseline, or delay for the next phase. Ideally you try to get as close to your SOE as you can given the circumstances.
3. Next steps
There will be many decisions that you will need to make as you enter uncharted territory.
Knowing your risk from the audit results will enable you and the team to make data-based decisions about what you will and won’t allow on the network for a longer-term. In the short term it allows you manage the risk down and advise the business accordingly.