How to keep remote teams working securely and happily at home
If you work in one of the companies that is trying to continue normal service while your workforce is at home, it’s more important than ever to ensure that all data and communications are secure, accessible and up to date.
Paul Colwell, Technical Director at OGL Computer / CyberGuard Technologies has shared his views on the key considerations when moving workforces online, from setting up cloud-based IT systems to ensuring that our teams do not become victim to unscrupulous hackers.
How do you establish communications?
A key success factor now will be establishing a close to “normal” work routine away from of the office. That can include morning catch up meetings, communal lunch breaks and core hours.
Throughout the day, team members need to stay in touch. Technologies such as Microsoft Teams and collaboration software with chat and video functionality can replicate office conversations and banter.
But communication isn’t just confined to employees. Clients and partners need to be made aware of how your team will be operating, and how to contact team members.
It is vital to have clear written guidelines that explain how to use services and software in a secure manner. Explaining how and when to log on and how to use video-conferencing tools, access internal resources and data is not only key to ensuring that best practice is established to begin with, but also that staff are fully briefed and in control of their working day. In some cases, employees will be using new collaboration tools, which require briefings on - many providers will have these assets already, so signposting and supporting employees should be straightforward.
How can you protect your business from cyber-criminals?
IT and cyber-security teams will need to be extra vigilant for possible malicious activity. Ideally, any laptop and hardware devices should have hardware encryption.
Phishing, whether untargeted volume fake coronavirus updates that deliver ransomware, or spear phishing attacks aiming to pull off Business Email Compromise (BEC) scams, is currently growing exponentially. Remote workers should be trained to spot suspicious emails and query them.
It’s essential that remote workers double-check the authenticity of messages, emails and phone calls. If in any doubt, the exchange should be reported to an internal security team contact point, who should log and share attempts to warn other employees.
A corporate VPN is an essential security measure, especially for remote workers that may be using suspect connections. However, it is worth bearing in mind that more licences may be required to support larger numbers of remote workers, and that bandwidth may be restricted at certain concurrent user numbers. It is also particularly important that VPN endpoints are fully patched, as with any other software. VPN use should be subject to two-factor authentication (2FA), which is simply set up on VPNs from the likes of WatchGuard and Palo Alto Networks.
Mandating strong passwords (that are not shared with others) adds an extra layer of security, and should be supported by two-factor authentication. Employees should install critical updates when prompted but must not visit illegal or inappropriate sites which pose significantly more risk of ransomware and malware infection.
Many businesses will already be familiar with elements of Microsoft’s Office 365, but by building on top of the usual desktop suite of Word, Excel, PowerPoint and beginning to take advantage of powerful collaboration tools such SharePoint and Teams not only saves service duplication, but also simplifies data security and policy enforcement.
Many businesses take the opportunity to issue remote workers with a dedicated laptop, which can be centrally managed and configured in accordance with internal data policies, as well as protected by the company’s choice of endpoint protection. If remote workers are using their own PC equipment from home, it is vital to ensure that they have installed reputable anti-virus tools, such as Kaspersky AV or Carbon Black, and that the AV is up to date with the latest signatures.
A common pitfall is for internal security teams to mandate tools and processes that are highly secure, commercially approved and a very poor fit for the processes that remote workers are required to carry out in the course of their everyday role. The result is typically a ‘workaround’, involving third-party services or USB drives, especially where data sharing and storage is concerned.
In this case, it is important to assess exactly what processes are required by workers and provide a solution that fits the bill. This might be in the form of approved cloud storage or file sharing tools that can ensure that data is properly encrypted and stored according to industry best practice.
What sorts of tools should employers consider to support remote working?
There are a huge number of excellent remote working tools, from secure cloud storage services, Microsoft’s tools including Teams, Google’s G-Suite through to Zoom. However, not all will be a good fit for your business and processes, so don’t be blinded by the big names.
When looking for advice, a reputable IT services provider can help navigate the choices available today, while the UK's National Cyber Security Centre (NCSC) has published best practice guidance designed to protect data in remote working environments.
To ensure productivity, the key functions to cover include online meetings, document sharing, project management, telephony, security, backup, and cloud-based software and apps.
Cloud-based products like Microsoft’s Office 365 can keep employees connected from anywhere with a reliable internet connection and can offer them full access to workplace tools such as Word, Excel, PowerPoint, OneNote, Outlook, Publisher and Access.
Hosted desktops provide a good solution for businesses wanting to maintain central control of access to all critical business data and applications. Hosted desktops remove the need for maintaining individual high spec PCs pre-loaded with relevant applications and programs, as staff can use a laptop, smartphone, tablet or PC to access everything they need from the cloud, from any location with an internet connection.
If ever there was a time to ensure that data is backed up, it’s now. Saving and storing work is extremely important, so provide employees with software to ensure their critical documents are backed up to an approved external site that is not permanently connected to their device. At this time, cloud recovery solutions from reputable providers also offer a wealth of benefits ensuring your data is secure in state-of-the-arthigh-tech UK data centres and recoverable within either seconds, minutes, hours or days depending on your needs.
Finally, do invest in cloud storage and backup data as this avoids files only being stored on remote devices.
Is there a remote working meeting etiquette?
Simple education on remote meeting etiquette may also be necessary, such as reminding staff to mute the microphone when they are not speaking in a conference call and ensure that web cameras are blocked by default.
Employees should not work in the same room as partners or children (if possible) - especially if they are on confidential calls or working on confidential documents. If two parents are at home, staggering childcare around important calls is recommended.
Critically, employees will need to understand that privacy rules still apply, and they should not send personal information via email or store personal information in non-approved locations.
If it is totally necessary to send personal phone numbers and / or emails, those details should be clearly marked as “delete-later” and always send details in an encrypted or protected form.
How can employers use technology to keep morale high?
In our State of Technology at UK SMEs 2020 research report, we had already noted a massive 94% of businesses in the UK seeing a growth in remote workers and increasingly turning to technology to support them. We never thought we would see companies turning to technology to keep morale up on such a large scale.
Sadly, having swathes of people working from home may threaten to dip morale and potentially affect mental health, so maintaining office-based camaraderie and support is key. Virtual drinks once a week or regular team chats to focus on non-work related matters are advised.
Technology can help to ensure that company culture remains strong, and that employees are coping with the current situation, through regular feedback.