Avast CISO shares tips and advice for SMBs to transition their workforce securely
The world of work is changing as we all try to adjust to protecting ourselves, and companies that can are rushing to prepare for extended periods of work from home. This brings some substantial challenges for IT and security managers. The head of the company which makes Slack documented its own journey in this Twitter stream and it can be instructive for those of you that are making your own transition into becoming a 100% work from home (WFH) staff.
This is my first-hand experience on the front lines of our own evolution here at Avast. Yes, like Slack, we are a technology company which has employees across many countries and continents. But we have had to make some adjustments. Here are some lessons learned and a few pointers to help your own efforts.
- Assumptions. You must assume everyone is connecting in an Internet cesspool and they are accessing important corporate assets. This means that they need the appropriate protection, security, and tools to get their jobs done. This also means that they might be tempted to use shadow IT resources such as Dropbox or other personal methods. Don’t let convenience be your enemy, and plan ahead for supporting WFH situations.
- Desktop implications. Just because everyone has a laptop doesn’t mean that they can make the transition to WFH successfully. If you have workers that are sitting at their desks, they typically have a docking station, a nice big keyboard and multiple monitors. Now they must do their jobs without any of those peripherals. Depending on their situation, you may need to develop policies quickly to allow them to take office equipment home or purchase additional external monitors and other gear to complement their laptops.
- Bandwidth. While most of us have a broadband connection, our home networks might not be enough, particularly with upload speeds and low enough latency to support video conferencing and large file exchanges. Run tests and work out a plan to upgrade home bandwidth as needed. Have a policy on this so that employees can take care of the issue themselves.
- Video conferencing. Keeping your WFH staff connected means getting everyone familiar and comfortable with video conferencing. Pick a corporate standard and purchase an enterprise license. Make sure there is adequate audio gear (microphones and speakers) that will work well with your standard conferencing tool – you might need to buy supplemental gear if the built-in ones on their laptops aren’t adequate. Video conferencing will also become more important as more in-person conferences are going virtual – periodically check this link for those events that you might want to attend virtually.
- Video conferencing etiquette. A second part of learning how to use video conferencing is understanding the necessary etiquette. This means what is shown in the video frame, including dress and your room setting that should be appropriate for the workday. Zoom even offers virtual backgrounds to help keep your clutter hidden, and people can have some fun with their surroundings to lighten the mood.
- Printing and file sharing. These are two common tasks that we take for granted in the office, but when we are working from home they can both turn into tech and security nightmares. Your IT department should understand the implications and provide ways for corporate data to remain secure under the circumstances.
- Other tools. Pick an online platform (Office 365 or G Suite) as your corporate standard if you haven’t already and don’t try to do this yourself with some ad hoc solution. Also, understand which specific systems WFH staffers will need remote access and make sure this access is secured by appropriate VPNs or other end-to-end encryption.
- Mentoring and IT help desk support. If you already have remote workers, see if they can help ease the transition for their colleagues who will be doing this for the first time. This piece in the NY Times has some other helpful suggestions for how to set up your personal space and here are some other suggestions from a blogger on how to interact with your family. Schedule informal times to help support the newbies on your staff. Start training your help desk staff how to support WFH situations, tools, and anticipated technical issues.
While there are many challenges with WFH, there is also a lot of upside in improving your resilience and overall security posture and potential productivity benefits too.