Published.: July 23rd, 2020
 

From the beginning of the virus to its evolution into a pandemic, Covid has presented challenges to companies in terms of processes, policies and technology to adapt to each phase of the crisis. They immediately questioned how and what would be the scenario if employees should work from home as a way to cushion the impact by taking technology as the main tool.

These challenges have, of course, included business continuity, remote work, cybersecurity, limits, and data—where IT and information systems staff have played a key role. Before the pandemic, in many companies, working from home was a benefit granted one or two days a week. In some cases, it still remains a taboo subject, especially for managers who believe their team’s productivity depends on physical presence and strict schedules. Today, the rules and percentages have shifted. Most of those managers have changed their perspective and now recognize the benefits and cost savings this implementation brings.

It is the responsibility of the IT department to inform management and other executives about cybersecurity risks without exception. And now more than ever, team members must keep in mind that cyberattacks can—and will—increase significantly. Of course, the IT setup is not the same for a small business (SMB) as for a large enterprise. Typically, SMBs rely on cloud solutions, and those that had already set up this structure in the past did so mainly to reduce support and IT costs—most often for email and collaboration tools. Perhaps not for shared file servers, but with USB drives and a few shared folders, they can make it work when shifting to home setups. Medium to large organizations, however, must take into account a few critical points:

  • Information security:
    • Access must be via VPNs, properly segmented by user groups and roles. For users with elevated privileges, restrict access to specific IP addresses.
    • Two-factor authentication (and in some cases, multi-factor) is essential.
    • Change existing passwords for new, strong ones.
    • Never share passwords with anyone. If it is absolutely necessary, share the username, password, and details through different channels.
    • Log out of the VPN at the end of each workday.
    • Employees should be advised not to use free or shared Wi-Fi networks with neighbors.
    • Ideally, personal devices should be wiped of company information once the quarantine is over, for security reasons.
  • Logging actions and connections:
    • Maintain a clear and detailed record of who, how, and when each information point is accessed. In other words: a log of everything and everyone.
  • Taking advantage of new tools:
    • IP telephony: Bring office extensions to cell phones or forward calls if IP phones aren’t an option.
    • Virtual desktops: Help users feel less disruption when switching workstations and ease adaptation for those unfamiliar with remote work.
    • Virtual meetings: Zoom, Skype, Gotomeeting, Microsoft Teams, Google Meet, and Cisco Webex replace physical meeting rooms with virtual ones, equipped with all the necessary tools to make the transition smoother.
  • Bandwidth:
    • Increase bandwidth and ensure redundant, symmetrical connections. Upload speeds should match download speeds. A single point of failure can jeopardize the entire remote work plan.
  • Incident monitoring:
    • Have monitoring tools and staff to quickly detect incidents—this will help prevent data disasters. A physical virus like COVID-19 must not distract from the fact that digital viruses and cyberattacks also exist.
  • Process manuals and organizational policies:
    • Must be user-friendly and easy to understand for everyone.
    • Support desks will be overwhelmed, and in the first days, everyone will have “urgent” needs.
    • Use support tickets—and patience will be essential.
    • Refreshing users on security policies, written processes, and organizational guidelines is mandatory.
  • Remote desktop connections:
    • Tools like Teamviewer, AnyDesk, LogmeIn, pcAnywhere, or Microsoft Remote Desktop lack the required security if used without VPNs.
    • They require devices to stay powered on, which could cause electrical issues or even fires if machines are not designed for server-like uptime.
    • Power outages can disrupt the entire plan without UPS backup units.
    • However, these tools may still be useful for IT support teams helping remote employees.
  • Cybersecurity awareness:
    • Phishing attempts have surged during remote work. Fake emails can cause serious issues if clicked.
    • Employees using personal devices must have updated antivirus (even free ones), active firewalls, and avoid downloading pirated content with hidden malware.
    • Companies and support teams (internal or outsourced) must provide basic guides, policies, and recommendations to balance security with user privacy.
    • Safe browsing practices are essential.
  • Backup processes:
    • Increase backup frequency and maintain more historical data. Data theft and corruption remain critical risks.
  • Legal considerations:
    • Employees should sign an agreement covering responsibilities for handling company data on personal devices and installing company software.
    • Software licensing must be carefully managed. Some vendors have temporarily granted free licenses to support remote work.
  • Security systems:
    • Even with offices closed, physical security systems (alarms and cameras) must remain active.
  • Work schedules:
    • Remote work does not equal vacation. Normal work hours and boundaries must be respected.
    • Managers should avoid contacting employees after hours unless critical.
    • Flexibility is important, but clear daily goals and regular monitoring are equally necessary.
  • Outsourcing:
    • Non-core services like accounting, marketing, IT support, software development, project management, and training can be outsourced.
    • Outsourcing contracts often include specific SLAs, giving companies confidence and stability.
    • Models include time-based (hours, days, monthly) or outcome-based (per task, incident, or project).
    • Performance is tracked by KPIs, helping management measure service quality.
    • Risks are reduced as they are transferred to specialized providers.
    • Variable costs become fixed costs, and staff replacement is the provider’s responsibility.
  • Trained staff:
    • A trained workforce is essential to face crises.
    • Training does not always equal high costs.
    • Platforms like Udemy, Pluralsight, Lynda, and Coursera offer affordable or free training options.
    • Webinars are another effective way to update and share knowledge across organizations.
    • As one managerial conversation wisely says:
      • “What if I train my employees and they leave?”
      • “Better ask yourself what happens if you don’t train them—and they stay.”

At Asicon Consulting, we offer services in software development, infrastructure, web development, equipment sales, accounting, resource outsourcing, project management, process optimization, and