As the world continues to emerge from Covid, how we work will continue to evolve. Nobody can deny that how we work will never be the same. Companies that moved to work from home out of necessity - and with lightning speed - are now grappling with their long term strategy. How best to balance productivity and real estate costs with the ability to attract & retain top talent and maintain company culture are just one set of considerations. As technology partners, we've identified four primary areas we help clients move toward Work-From-Anywhere:
Technology Enablement
You already know how important technology is to your business. Everyone is connected - all the time - to the internet, email, Teams, Slack, cloud enabled apps and so much more. That makes the transition to Work-From-Anywhere much easier for many companies, but even with the easy access, there are several considerations for technology enablement.
- Will your employees access data from a personal device or a company-provided device? Have you balanced the anticipated cost savings and simplicity against the security tradeoffs associated with employees using their own devices?
- Will your employees make outbound calls from personal cell phones or will your phone system allow remote work? Is it OK if the only phone number your customers have for your business is the personal cell phone of one of your employees?
- Do you have policies that make it easy for your employees to request and receive new/updated equipment? How do you handle deploying computers to new hires or upgrading the computers of your current staff?
- Does your firewall/router allow for VPN (Virtual Private Network) access? If your staff needs to access the server at your office, without a secure connection to the office, you're putting your data at risk.
Communication
The ongoing exchange of thoughts and ideas is critical to your culture. Without ongoing communication and collaboration, culture and effectiveness both suffer.
- How will important decisions, updates, deadlines, and working guidelines be communicated to employees? We recommend Slack (or Microsoft Teams) to enable ongoing communication. When employees can huddle through instant messaging, you'll be amazed at how many fewer meetings you'll need.
- How will ingoing/outgoing phone traffic be handled? With the right VoIP system, employees can use a "softphone app" that allows them to make and receive phone calls from an app on their cell phone as if they were dialing from a phone at their desk in the office. Call traffic will flow exactly as if they were physically in the office.
Security
- Are all devices used by remote staff being properly secured to ensure data security? We've found when employees work from their personal computers, macOS and applications are out of date, there's no anti-malware or security, and the Mac is often shared among the rest of their family. This lack of security and visibility is why we generally recommend against employees using personal devices for work.
- Are there any industry regulations that you need to consider? (HIPAA, FISMA, PCI, GDPR, etc). Regulators don't care that you have work from home employees - all that data has the same rules and restrictions. For instance, if someone access medical PHI data from a home computer and saves a simple PDF, they may have just created a HIPAA violation if that same computer and username is shared with other members of the house.
- Do you have processes for updates and patching? Basic cybersecurity is often automated or outsourced in the office. But how do you enforce and monitor that with yours staff's home computers? Will you trust them to patch and update all their software? This is another area where we've found that the risks are just too great to consider employees using personal machines to be a good idea.
- Do your employees receive ongoing training aimed at helping them make good security choices? Oftentimes, we can set up guardrails in the office to minimize the impact of a bad security choice. That's not an option if the user is working on their personal machine.
Policies & Processes
- Do you have a work-from-home policy in place? It's important to set the ground rules and expect your staff to follow them.
- Is your remote policy written and acknowledged by employees? If you don't clearly communicate your expectations, you're setting your employees - and your company - up to fail.
- Do you have employee training in place to identify email phishing attempts? A vast majority of hacks (as much as 90%) start with email and social engineering. If a hacker can get one of your employees to click a bad link on a less secure home computer, it's easier to get and maintain access. Then when that user brings the laptop to the office or connect to a VPN, the bad guys have access to the rest of your network.