Businesses across the UK have moved their teams to remote working in response to the COVID-19 pandemic. The transition of IT systems and devices out of the office and into the homes of employees has generally been relatively smooth. But with technology working and most of us adjusted to this new way of working, the question is: what comes next?
It’s becoming increasingly obvious that organisations should now be preparing for a more sustained period of remote working and consequently you need to ensure that your IT strategy, technologies and policies are as robust and secure as possible.
But to do this you first need to understand the risks. By taking the time to review and consider the following questions around technology, security, people and processes, you can ensure your remote workforce can operate securely and to its full potential throughout the lockdown and beyond into the “new normal” that we’re all planning for.
If there’s anything that’s risen to the forefront in this current crisis, it’s the critical role that technology plays in connecting teams remotely and helping organisations to operate business-as-usual.
You may have equipped your team with the necessary equipment and software to carry out their daily work remotely, but there may be other factors outside of your control that have an impact. For example, if their home internet connection is slow or unreliable it will greatly reduce their productivity, so what additional steps can take to make improvements. Here you should be asking:
- What new systems, software or devices do you now need to enable your employees to continue to work as effectively as possible remotely? Are there any technology issues that may slow down productivity? For example, do you know how reliable your employees’ internet providers are? Do you need more capacity or resilience to cope with sustained homeworking?
- What applications or systems might employees, or their family, be using, outside of the organisation’s control, in a home environment?
- What devices are being used? Company-owned or employee-owned or both? Do you have full visibility? You should have a central view of all the work assets that are now in employees’ homes but if employees are using their own devices then do additional security measures now need to be implemented?
Processes and policies
Data protection and compliance remain vital, regardless of where staff are working. This becomes more of a challenge in a fully remote environment and even though many organisations have already migrated to cloud solutions which may help address the issue, it is now time to think this through properly. In this environment you need to be asking:
- Does my organisation still meet compliance requirements in this new environment?
- Do I have the right policies in place, and do they need updating? For example, is my BYOD policy still fit for purpose or does it need to be revised to deal with the current situation?
- Does the processing of personal data remain in accordance with data protection law and company policy in the new environment? It isn’t just electronic data you need to consider. What about physical documents held away from the office?
Each time a new way of accessing data is created, it puts that data at greater risk. This risk is intensified with remote working as your organisation’s perimeter is now highly distributed making it harder to control access to data and know if, when and how data is breached. It’s now more helpful to think about securing the application and its data, rather than a place or a specific device.
You need to make sure you fully understand the new security risks facing your organisation. Here the main questions to consider are:
- How are employees now accessing systems? On what devices and on what networks? Any home devices or networks are unlikely to have the same level of security, e.g. they won’t have multiple firewalls or may be used on unsegregated networks that are shared with other family members. Do you need to consider providing a separate work broadband line if an employee doesn’t have a solid and secure internet connection?
- Do further controls need to be implemented to safeguard data security? Remote working will increase the likelihood of data breaches or leaks, such as offline copies of documents or uncontrolled versions – how will you mitigate this?
- Do you have the right risk management frameworks or solutions in place? Consider implementing solutions such as monitoring software for data leak prevention, two factor authentication and network access control.
The final area to think about is your people and whether you have the right support and technical expertise to maintain your remote working capability long-term? Alongside this you should be asking:
- Is your team equipped to deal with the influx of user issues that will arise from home working? Do you need more support, either internally or from a third party?
- Are all the necessary staff fully trained and aware of best practice for working from home? Do you need to put in place more testing or training?
- How can your organisation make any required changes to IT when everyone is working remotely? Again, do you need to work with third-party providers for support?
As we enter the next phase of remote working, it’s important to use this period as an opportunity to strengthen remote working practices and safeguard the business.
Getting this right now will position your organisation well for the long-term – especially if we are required to carry on remote working after restrictions are lifted.
For more information on advice on how best to support sustained remote working download our short guide here