From my colleague Sten Vesterli (www. vesterli.com), see below some items to consider as your workforce moves into remote work. More from me on Monday on leadership during a crisis.
Ration VPN connections
If people have ever worked from home, the organization has a Virtual Private Network (VPN) solution. This allows a secure connection from company-issued laptops anywhere (even in a hotel lobby) back to the company with full access. Unfortunately, VPN requires hardware and software in the company datacenter, and you are not likely to have dimensioned the company end to support everyone working from home at the same time. You probably need to ration by person or by time slot.
Install commercial VPN
A basic security precaution for those not on company VPN is to install a commercial VPN product. This adds a security layer to the connection from the laptop and to the VPN provider’s server. There is no additional security from the VPN company to the organization, but most attacks are on the vulnerable WiFi, not the commercial backbone connection out of the VPN company. I use Windscribe (https://windscribe.com) but there are many others.
Don’t use private computers
The private computer of the employee is not likely to be adequately protected and might be full of spyware that records every keystroke. Do not allow employees to use these. If necessary, buy new laptops retail, have IT install antivirus and other security and set up auto update before handing them out. The home network of employees should also be considered infected because there are unknown devices connected. That’s why you need VPN even from home.
Raise security awareness
In the chaos of many people using new software, there are already many attacks where hackers try by email or phone to break in. The best security option is to call back via phone. If somebody claims to be company IT, call back to the company reception on their published main contact number. If somebody claims to be your boss (it is possible to fake voices today), call back on his mobile phone number that you should already have.
Enable two-factor authentication
Some systems allow two-factor identification (where you get a security code by a second channel, e.g. via text message). If you have any systems with this capability where it is not enabled, enable it now. This is more hassle for users, but also more secure, and hackers are out in force. Your IT function can tell you if you have such latent capabilities.
Establish remote support
If you don’t already have a remote support solution, you need to establish it. People will be working with unfamiliar software in unfamiliar ways. I use Copilot (https://www.copilot.com/) to support my family. That service just requires an internet connection and has its own security.
Enable video meetings
If you don’t have a video meeting capability, you need to establish it. I use Zoom (https://zoom.us/), but others are available. Since most people don’t do video calls regularly, preferably get everybody together in small groups and have them practice video calling while still in the office. In that way, people can help each other get everything set up.