What are some of the considerations when developing a ‘Remote Work’ strategy?
Answered by Mark Hofman, Chief Technology Officer, CyberCX |
With many organisations trying to manage staff working remotely for the first time, there are many things you need to consider. These are three of the most common issues:
Firstly, you need to ensure you have updated ‘Work from Home’ policies. Without practical rules in place to guide staff actions when working remotely, you cannot expect that all staff will know what to do when it comes to securing your organisation’s IT assets and data.
Secondly, ensure that your IT team is able to continue operating effectively. They need to have sufficient control over endpoints, networks and any other systems required for business continuity. It is essential your IT team continues to have the capacity to patch and update systems when necessary. They also need to be able to monitor your environment for signs of unauthorised access and data flows. With staff more vulnerable to attacks as they work remotely, this is critical.
Thirdly, there are a range of technical considerations that will impact individual staff members. You need to ensure they have access to secure home wi-fi networks. They may need assistance ensuring these are secure. You will need to ensure they have the capacity to access your organisation’s network through a VPN. You will also need controls over endpoints. If staff are using a company laptop for work, this is quite straight forward. However, if they are using their own computer, you need to ensure the devices are updated and secured. The devices must adhere to your requirements. Alternatively, consider using virtual desktops where the end computer that is used to connect to your organisation’s environment is of lesser importance.
Staff are also likely to experience a range of connectivity issues that you will need to address. You can expect queries along the lines of “I have exceeded my data cap, who will be paying for this?” or “I only have an X connection and it will need to be upgraded to Y for work reasons”. These issues may be painful, but unfortunately you will need to assist staff with such matters.
Another important consideration is to ensure you don’t loosen policies around device controls and access. Whilst it may be tempting to do so at this time in order to make life more convenient for staff, this would be a mistake. With staff working remotely, they can be more exposed than ever to attacks. Access and device controls should remain tight and they should continue to be carefully managed by your IT team.
View our 5 easy steps to improve your cyber resilience.