The unprecedented COVID-19 pandemic forced many companies to close their offices and direct their employees to work from home. As businesses slowly reopen, many employers will continue to sustain flexible, remote options for their full workforce, while others will offer a dual structure allowing for limited on-site staff.
Managing the required daily IT operations for a remote or combination remote-on-site workforce can be overwhelming for many businesses, as most systems and operations were not set up to handle this new world order on a long-term basis. With the help of IT staff or managed services providers (MSPs), though, businesses can adjust to these shifts in remote work arrangements—permanently!
The First Steps
The way forward requires the following actions:
Determine the needs and wants of the workforce. There’s no need to dramatically shift the way an office runs if everyone is eager to get back to office life. Similarly, it is important to gauge the number of remote workers who will need continued IT support at home.
Examine the budget. Securely working from home is best done with company equipment, including enterprise-grade firewalls, secure software, and ongoing training. Cost may prohibit a large-scale flexible expansion.
Consult the IT department or MSP experts. These professionals will perform the heavy lifting for this transition, as they did during the emergency shift to remote work. A pandemic is an exceptional situation that may have pushed these teams beyond their limits. They should articulate what they need in terms of hardware, software, or additional staff in order to maintain secure operations. Pushing the IT team beyond their means creates a ticking time bomb for a data breach or other cyberattack.
The key to a successful transition to a remote, flexible, or dual staffing structure relies on strong IT and cybersecurity. This is not the time to act without support.
Security and Privacy Best Practices
Three security must-haves for a remote workforce are comprehensive training; up-to-date operating systems (OSs), software, and hardware; and multifactor authentication (MFA). Expecting a secure and private connection with a remote workforce without these tools will undoubtedly lead to problems. Any business that moved to remote work without these in place should act immediately to remedy the situation.
Train employees on all aspects of remote work. Start with the basics. Refresh the companywide password policy, and employ phishing training tests to teach users how to be on the lookout. Encourage a culture of asking questions before clicking—this is an effective defense against many cyberattacks and user mistakes. Review acceptable applications, and eliminate any behaviors that are against company policy or that could create security vulnerabilities. This training shouldn’t just be done once. Update employees when changes to the cyber landscape emerge, and review key concepts regularly.
Use MFA. An MFA security system verifies a user’s identity by requiring secondary credentials in addition to the username and password. The unfortunate fact about the cyber world is that most passwords either have already been compromised or aren’t complex enough to prevent unwanted access. MFA requires another variable to gain access, consisting of a code sent to a phone or an e-mail, fingerprint or facial recognition, or a code from an app like Google Authenticator or Authy. Even accounts with compromised passwords are protected when MFA is in place.
Update everything. Keeping employees on Windows 7 machines to save money or refusing OS updates to save time end up compromising a business’s security. Whenever possible, use the most recent version of software and applications. Make sure the systems accessing company information are updated and will continue to receive security updates. Windows 7, for example, is no longer supported by Microsoft. No new updates will roll out, leaving those systems vulnerable to new threats.
Handling the Dual Staffing Model
As businesses learned during the early crisis days of COVID-19, the most important key to maintaining a cohesive path forward is communication. That doesn’t necessarily mean more meetings, although the novelty of videoconferencing is exciting. Checking in with employees regularly and encouraging a culture that values the person over relentless productivity go a long way.
In a similar vein, this isn’t the time to introduce monitoring systems that weren’t already employed. Encourage employees to treat their home office as they would their cubicle. Many businesses are finding that the addition of monitoring software is met with backlash and dropping morale rather than a boost in productivity.
The social aspect of the dual (or flexible) staffing model is essential to employee morale, so don’t leave important company culture in the office. Find new ways to celebrate milestones and birthdays, encourage close teamwork, and discover safe ways to gather and touch base.
Beyond the social, maintaining this model of work relies on continuous training for everyone in the company. Remember, cybersecurity training isn’t just one and done. Threats change, adapt, and emerge. An increasingly remote and distracted workforce may prove more likely to fall for traps laid by bad actors.
Ultimately, the way operations look moving forward depends on a plethora of factors. The important thing is to prepare and plan before putting any change in place. A post-COVID world doesn’t have to be marred with vulnerability. Embrace flexibility.
Amy O. Anderson is a Principal Partner at Anderson Technologies, an IT company that optimizes technology to meet the demands of small and midsize businesses. For over 20 years, Anderson Technologies has provided the IT solutions firms need to be competitive in today’s marketplace.