After transitioning their staff practically overnight to working remotely, organizations are looking to resume some form of normalcy to their pre-pandemic conditions. The challenge for most will be the reduced degree of control over their IT assets, an increased presence of unapproved workaround methods, and the need to focus staff on previous projects while still operating in a staged recovery period.Resuming office operations means that organizations will need to prepare for the long-term, but should also take the opportunity to consider doing more with less. There is no better time than a crisis to consider how the use of technology could improve the overall welfare of the staff as well as drive out efficiencies in the organization.
Responsibly resuming IT operations includes the following:
Organizations will need to re-assess impacts of new workflows on their informational assets. These include, what to do if a critical system goes down, how to deal with breaches of confidentiality, breaches of privacy, or a general disruption of internal processes. These could also include reacting to acts of malicious or non-malicious intent.
A risk tolerance assessment will help determine what steps the organization must make to reduce its exposure to any potential negative impact. A low risk tolerance requires that a higher level of security controls be achieved, and appropriate programs and tasks implemented.
The degree of sensitive data that is stored, the amount of financial controls, and government regulation will all play a role as to how much risk the organization is able to accept.
IT policies will need to be re-evaluated in light of the short-term changes that may have taken place during the transition. Much of the workflow may not have been properly documented and privileges granted to allow staff to work from home etc. Examine what access levels, and access rights are appropriate to reduce the level of risk to the organization.
Earlier this year organizations were challenged with moving all or a good portion of their staff offsite very quickly. Now they are challenged with how to safely and responsibly move employees back to the office as government policies and organization requirements mandate.
Workspaces, shared staff lounges, and meeting rooms will all need to be enabled to allow for physical distancing.
Now that many organizations have become accustomed to holding ‘Zoom’ meetings, or use of similar technology, staff will see it as a means to ensure self-distancing norms are met.
If new workspaces need to be created, assets such as laptops will need to be secured appropriately. A cable lock may be useful to secure items. Safe storage of the assets could include having staff take equipment home, or stored in a locker onsite.
Consideration will be necessary for network connectivity. Options include, WiFi, pop-up hot spots, or Ethernet cabling. Likewise power outlets, and surge protection will be required.
Encryption on mobile assets will be required to keep data safe in case the device is stolen or lost. With iOS 9, Apple has pushed for even more security by making developers encrypt all apps on its smartphone.
‘Hoteling’, or the shared use of office space as staff work part-time, may be options where workspace doesn’t allow for comfortable distancing options.
Hoteling software such as Skedda is available to help with visualizing, and organizing shared spaces. Skedway is free for up to 3 rooms, and 250 users, works with Office365 and QR codes and allows for meeting room booking and/or desk booking.
Use checklists for staff to ensure that shared equipment such as chairs, desks, keyboards, mice, phones etc. are all sanitized either at the end of a shift or at the beginning.
With staff working back in the office on their own, in a shared situation, or in a blended manner, a significant consideration will be placed on collecting personal data as part of contact tracing. This is a process that some organizations may be required to implement in order to ensure the safety of its workforce, its customers and the general public. Should a staff member be diagnosed with COVID-19, their interaction with team members, and others can be quickly identified and potentially affected individuals alerted.
The tracked information should be secured in a manner which doesn’t put the organization further at risk.
After the mass rush to work from home, we now have some time to consider what information has migrated to personal devices, and what equipment may have been quickly purchased and not secured appropriately. Collecting information on these assets is critical.
BYOD, MDM are now abbreviations that are brought back into focus for I.T. Corporately owned assets vs personal equipment will require the implementation of effective controls, and the creation of a less fuzzy end-user computing strategy.
It is important to get control of this equipment as soon as possible to prevent the growth of unsanctioned applications, and ensure that proper data governance can be maintained.
Assets, which may have been frantically purchased when offices shut down, may now need to be freed up for re-deployment. Several scenarios require the re-provisioning based on moving ahead with staff working at the office, working from home or a hybrid model. Asset sharing either by ‘hoteling’ or ‘hot-desking’ may need to be abandoned or adopted depending on an organization’s strategy.
A ‘cleaning location’ may need to be setup/identified for staff so that returned items can be sanitized appropriately.
There is conflicting information as to whether, or for how long a virus can live on surfaces. Anything with a high alcohol content may damage the surfaces of computing equipment. Tests should be performed prior to the widespread use of any cleaner.
In addition, assets may need to be re-imaged, patched, secured, or may require additional software configurations in order for it to be properly used in the corporate environment.
During the crisis, the increased demand on the distributed Internet network overwhelmed the existing infrastructure. It took time for ISP’s and wireless providers to provision technology to handle the load which had spread to the residential sectors. Like those providers, businesses must improve access to their own data networks.
However, access cannot be the implemented without putting strict security controls in place. VPN connectivity, intrusion detection systems, cybersecurity measures, will all require a higher level of attention to combat the ever present threat of malware attacks.
Overall the recent COVID-19 natural experiment has proved that change in the workplace is possible. The use of technology has allowed this to happen and has the added ability improve lives, reduce stress, and improve our work/life balance.
Organizations must now embrace this change, and determine how they need to manage risk and in the process provide employees with a positive and safe work environment.