Similar to many organizations, We underwent a complete digital shift with a mandate that all employees work from home during the COVID-19 pandemic. While our technical teams are experienced in empowering a worldwide employee base, transitioning the entire 4000+ person global workforce to an at-home workforce required a swift roll-out of processes and best practices for remote work and business continuity.
- Business Continuity in a Remote Workplace
- 1. Implement single sign-on
- 2. Require multi-factor authentication
- 3. Provide recommendations on home network security
- 4. Provide employee guidance on new security scams
- IT Operations / Delivery & Support
- 1. Maintain consistent and transparent IT support
- 2. Double down on communication & productivity apps
- 3. Keep an eye on security
- IT Infrastructure
Business Continuity in a Remote Workplace
Here are some of our technical tips to help our employees work successfully in their new remote workspace and ensure business continuity.
With employees working remotely on home networks, cybersecurity is more important than ever for companies of all sizes. Here are some suggested security measures companies should institute now, as well as risks to monitor in the near future.
1. Implement single sign-on
Consider implementing a single sign-on (SSO) service for employees to easily and securely access the business apps and services required in their roles. An SSO tool allows employees to use one set of credentials to log in to all the apps and services that they’ve been given access to by the IT team. We used Microsoft Azure authentication for our Terminal Server connections. We used our own VPN to connect workstations from Office to work smoothly.
Not only is it convenient for employees to have what otherwise looks like one account on a service like Okta, but it’s also an essential tool in a company’s security toolkit. The IT team has precise control over which services employees use, their permission levels, and can easily change access control when employees join or leave the company.
2. Require multi-factor authentication
Part of strong SSO use includes multi-factor authentication (MFA). In addition to a username and password, MFA asks users to input a secondary credential, which can be retrieved from a linked phone app, text message, biometric recognition, or other authentication means. The additional layer of security mitigates the risk of a bad actor penetrating corporate systems with just an email address and password alone. We used Microsoft Azure MFA to authenticate our users to access IT Services
3. Provide recommendations on home network security
Home network security may not be as advanced as your corporate office. Internet of Things (IoT) devices and misconfigured or outdated network equipment may expose employees and company workstations to threats on home networks. Avoid public Wi-Fi at all costs, but if that’s the only option for an employee, a VPN client should be used. Ensure company workstations and software are up-to-date and local firewalls are enabled. Endpoint threat protection solutions should be enabled on all workstations to alert the Security and IT personnel of endpoint risks.
4. Provide employee guidance on new security scams
With a workforce on high alert for communications and news on COVID-19, cybercriminals may take advantage of people’s interest in the subject via email scams. While building awareness of and providing guidance on phishing attempts should already be part of your company’s cybersecurity policy, it’s important to revisit how employees can defend themselves against scammers.
Proactively outline safeguards employees should take to avoid falling victim to a phishing scam. For instance:
- Specify how employees should expect to receive official company announcements and directives during this time. Will it always be an email from the CEO?
- Be cautious with most emails. Brand impersonation is a common tactic of phishing scams. Even when an email is coming from what looks to be a trusted colleague, be aware of small differences such as an unusual number in an email address or strange formatting.
- Never provide sensitive information (passwords, financial information, etc.) on email or chat tools. If you’ve received a password reset email that you didn’t request, reach out directly to the IT team.
On the back end, if your company hasn’t already invested in security prevention software, now is the time to investigate solutions that prevent suspicious emails from reaching employees.
IT Operations / Delivery & Support
With companies instructing their employees to work from home for the foreseeable future, IT leaders should adapt their internal guidance to account for the unique requirements of employees now working remotely. Here’s how your team can help employees make a seamless transition to remote work.
1. Maintain consistent and transparent IT support
The new normal for IT teams will likely be centered around troubleshooting a fresh set of issues daily — from home office setup to internet bandwidth to home networking. In addition to ensuring VPN infrastructure is intact, there will be questions on cables, routers, and even monitor recommendations.
Because employees can no longer swing by the office IT department and there are many new variables in technology usage, it’s crucial that your team is available and transparent on issues that may arise. A few ways your IT team can provide support for employees include:
- IT office hours – In order to get through the initial WFH transition, offer IT Office Hours for employees to drop in to a video call and ask questions to an IT staff member.
- Up-to-date wiki pages – It’s helpful to update your internal IT wiki or intranet with troubleshooting tips, FAQs for new remote tooling, and more.
- Allocate budget for IT office supplies: It’s important to make sure employees have a comfortable and ergonomic setup at home. If possible, allocate a budget for employees to purchase work gear like monitors, desk chairs, or keyboards.
2. Double down on communication & productivity apps
Vital to the successful transition to a remote workforce is the compulsory use of products that enhance communication and project management. Institute collaborative tools like Slack or Microsoft Teams for chat, Zoom or GoToMeeting for meetings and facetime, Asana or Jira for project management, and Google Drive for a cloud-based office suite. We are on Office 365 so we used Microsoft Teams and other Microsoft 365 tools like Planner, To-Do to be productive.
For optimal use of tools like video conferencing, we recommend that employees use a laptop or external webcam. The nuance and connection of face-to-face communication don’t have to be lost in a remote company.
3. Keep an eye on security
It’s worth repeating that the security of your systems is crucial right now to keep operations running as normal. Instruct your team to proactively stay up to date with relevant patches and updates to the tools used across the company. Vendors with cloud-based products are seeing a spike in usage as global businesses go remote, so their products are adapting quickly. Stay well informed of potential risks by taking bug reports from your employees seriously, maintaining regular communication with vendors, and following industry news sources.
Ensuring your IT infrastructure is prepared for a crisis is also an integral part of an IT business continuity strategy. Here are a few tips to build a technical infrastructure that can maintain your company’s systems in a time of uncertainty and change.
1. For flexibility, adopt hybrid cloud infrastructure
Build your infrastructure on a highly flexible cloud environment. Don’t rely on a single public cloud provider for compute capacity. Build a hybrid infrastructure consisting of a private cloud (a hosted data center at a third-party offsite location) and a public cloud (a service like AWS, Azure, or Google Cloud). A hybrid approach allows you to quickly scale your systems by adding more server capacity to your public cloud platform as needed. Not only is it more efficient for your systems, but it also keeps your cloud budget under control. As site usage ebbs and flows, so can your server use and its related costs.
2. For high availability, create redundancy
Our infrastructure goal is to have at least N+1 redundancy or no single points of failure anywhere within your infrastructure platform. To achieve this, your site shouldn’t rely on a single internet service provider. Instead, use multiple providers, which helps achieve high-availability goals.
3. For quick response times, use DevOps automation
Rely on DevOps automation tools and processes to ensure rapid response times. Embrace a strong DevOps mindset. Create a well-defined process for change and incident management with good visibility into your products’ key performance metrics.
Within the DevOps practice is a feature called Infrastructure as Code (IaC), an important automation tool as you scale cloud environments to accommodate site usage. IaC automates the provisioning of IT infrastructure so that engineers don’t have to manually provision servers or storage as they develop and deploy new applications.
HR leaders have noted, this is the time to lead with connection and empathy. Tech leaders in IT, security, and software engineering are quickly redeveloping business norms to face an uncertain time. By pivoting processes quickly and maintaining clear lines of communication with employees, your technology investments will continue to support business continuity in a new remote workplace.