The current Coronavirus pandemic is making it necessary for most to consider remote-enabling their workforce. Fortunately, technology makes this easier than ever, but that ease also comes with concerns to take into account. For instance, Zoom use has sky-rocketed in recent weeks. Companies communicating about confidential information need to consider the security of the conference and file sharing technologies used. At the very least, review these tips to secure Zoom meetings. If you need specific guidance, don’t hesitate to contact us.

Beyond the current emergency situation, allowing employees to work remotely can bring many benefits. In a recent Forbes review, it was found that the bottom line is enhanced when companies allow workers to telecommute. Some of the benefits of allowing employees to work remotely:

• Increased employee productivity—up to 40%!
• Quality of work is typically higher with fewer errors.
• Employees tend to take fewer days off—likely because they are more satisfied with their work as well as feeling they have a better work-life balance. Additionally, if employees work from home when sick, they are not “sharing the wealth” with others in the office.
• Less employee turnover: more than half of employees indicated they would change jobs for one that offered greater flexibility—even at reduced pay.
• Depending on how you structure remote flexibility, you might save on overhead: fewer people require less space.

From an employer’s perspective, the points above make good sense. Over the long haul though, realize that not every personality is a good candidate, nor is every role able to function well in this manner. However, start thinking creatively and you may find ways to give your workforce some remote flexibility. Technology makes so much more possible. For instance, today I was speaking to a call center representative working from home. Twenty years ago, that was cumbersome to do at best. Today, with virtual call centers, it can be as easy as downloading some software to a computer or smart phone. Through software interfaces, managers can monitor user activity. Again, increased productivity is the norm. In the case of the representative I spoke with today, they noted that they often skip breaks, including lunch, because they see incoming calls. Make note of that point.

Having been a part-time telecommuter in a former life, I can attest to most of the above from an employee perspective. I tend to be a very task driven and goal-oriented person—some say I fixate. Those traits can be a blessing and a curse. As noted by the representative I spoke to, some of us can tend to get so engrossed, we forget to get up, have a lunch, work beyond the work day, etc. As the employer or manager, be sure to remind your employees to take those breaks! Indeed, with video conferencing and centralized messaging, it’s easy to reach out to team members on work issues—or to send a carefully chosen video link for a mental break. Work is work, yes, but we all benefit from a breath now and then.

With taking work outside the office, there are risks and implementing an employee handbook as well as security policies is essential—making sure employees are informed and kept up to date on changes. In the case of Personally Identifiable Information (PII) and regulations around it, you will want to ensure that you are not exposing your business unintentionally.

Prepare for implementation:

• Employees should be accessing LAN resources, only through a direct VPN or other encrypted connection
• Establish a Unified Communication strategy and ensure all are configured with the correct devices and licensees for remote work: VOIP phones, softphone technology that transfers to mobile phones from the office number, and employees’ use of internal chat technology and video conferencing. If not provided for them, employees will use whatever is easiest for them. This could leave you vulnerable!
• Establish secure file and message exchange policies and provide the necessary tools and licenses. Again, if you don’t provide the tools, employees will use free tools outside your control and expose corporate info—their goal is getting the job done.
• Implement and enforce multi-factor authentication wherever possible.
• Ensure remote connections lock if inactive for three minutes and disconnect after idle for 4 hours.
• Use of personal devices for remote access should be highly scrutinized. You don’t want devices that have questionable downloads already on them that could have tag-along malware. Any device used for business access should be limited in use to that purpose, have updated software and firmware and centrally-managed malware protection at a minimum. You may want to consider other security protocols as well.
• Any device accessing your data from an employee’s work space should not have admin permissions to the data or network.
• Access to Sensitive Company Information, Personally Identifiable Information (PII), and electronic Protected Health Information (ePHI) should be restricted/limited when an employee is not using a secure workspace or device
• Ensure you have backups in the event of data loss or corruption.
• Keep notes! Log changes made in operations, equipment/services/licenses deployed, etc. When remote work is quickly enabled for emergency situations, you will want to reverse deployments when the crisis is over. For day-to-day operations, you’ll want this info when employees leave the business and for auditing/compliance purposes.

Employees should be held to the following recommendations for their workspaces:

• Devices should be on network separate from all other devices in the home, whether on an isolated wifi SSID or, if wired, segmented behind a router.
• The router devices are connected to, whether wired or wireless, should have up-to-date firmware and have had the default credentials changed to something secure.
  • Wifi SSIDs should use WPA-2 or higher encryption
  • Use of public wifi is ill-advised
• All devices used for corporate work should be able to be managed remotely and have centrally managed malware protection.
• Consider policies around IoT devices with cameras and listening microphones as they could compromise privacy and security.
• All software on devices should be patched against security vulnerabilities.
• Every effort should be made to keep screens and conversations shielded and private from others in the space.
• Only the employee should use the devices: no family members or friends.
• Social media access should be limited and care taken to prevent downloading malware or compromising company information not meant for public dissemination.
• Extra care should be taken to avoid phishing scams.
• If a remote worker suspects or has any kind of breach or other data disclosure, they should report it to the correct people in the company immediately.

Have a plan for extenuating circumstances

Assess:

What: Determine what processes and systems will be affected.
Who: Who must be notified? Who will be in charge of various points?
When: Timeline and priorities for specific actions.
Where: Where will various tasks, events and operations occur?
How: Determine how various requirements will be met.

Communicate:

Name specific roles and actions for your emergency chain of command.
Assign a team to handle immediate response and employee safety.
Extend communication to include customers, vendors, banking institutions and public agencies.
Run training and Q&A sessions when possible.
Practice your plan in a tabletop simulation.
Regularly update emergency and contact information.

When the dust settles:

Touch base with banking services and payroll to ensure order.
Assess role changes and update as needed.
Communicate with employees, customers and vendors as needed.
Stay alert. Cybercriminals and fraudsters may attempt to take advantage of sensitive times.
Be empathetic to emotional needs. In some cases, employees may need access to support resources.

Finally, even if people are working from different locations, keep communication open. There may not be a water cooler to gather around, but personal interactions can occur by other means.