Risky business - issues and solutions for remote working
Locations
The Covid-19 pandemic has caused businesses to make a lot changes this year, and perhaps the most obvious of these for many is the new 'work from home' paradigm. The series of Government-imposed lockdowns since last March has driven businesses across the country to shift their workforce to remote working with almost no warning at all. Many larger enterprises will have been able to adapt fairly quickly—already having suitable IT infrastructure in place—whilst some smaller organisations have found it more challenging. Across the board however, the move has not been without risk.
Issues
Cybersecurity
A huge number of workers across the UK now have no choice but to use their home broadband to perform their duties, rather than the carefully architected network solutions in place at their workplace. I recently saw the results of a survey of remote workers which reported that less than a third of respondents were using a VPN, which many would consider a basic security measure. Organisations simply don't have the same level of control over the security of their employees' broadband connections at home as they do in their offices, meaning heightened risk where employees are accessing their work systems through their own standard home broadband.
Connectivity
Some employees simply may not have adequate broadband services at their homes to support remote working, despite efforts in recent years to roll out superfast broadband services nationwide. Bandwidth-heavy videoconferencing software and other cloud-based software are essential for many businesses, and some employees may find that their connections at home are just not up to the task.
Stability
The potential for outages affecting employees' home networks introduces new productivity risks. Enterprise telecoms solutions in commercial offices come with service level agreements (SLAs) committing network providers to set resolution times, together with compensation for failure. Providers are incentivised to fix issues as a high priority under these agreements.
If, on the other hand, an employee suffers a home network outage causing the employer a loss, the employer has no remedy available and no means of encouraging the provider to resolve the issue. Whilst SLAs do exist in home broadband contracts, these offer much slower resolution times and little compensation—typically around £8 per day, starting two working days after the outage is reported—and any such remedy is only available to the employee.
Potential solutions
There are some ways to mitigate these risks however, which are available to organisations of all sizes.
Educate: your employees on the importance of securing connections through secure router passwords, and of avoiding suspicious websites or links that may compromise their connection. Employees should be reminded about good physical security habits too, such as taking calls and meetings in private spaces and not leaving confidential information visible. Finally, train employees on any new technology that has been implemented, and the importance of not deviating from trusted solutions.
Implement: tools to secure connections on the devices employees use to access work systems, such as a virtual private network. VPNs create a private connection between a device (such as an employee's laptop) and the organisations' secure IT environment, routing the connection through a more secure encrypted network. Employers can implement multi-factor authentication which requires employees to authenticate their requests to log in to work systems, for example by entering in a code that is sent via SMS. Employers should also look at implementing secure cloud storage and collaboration tools, ensuring employees have a safer location to save confidential documents, instead of keeping them locally on their own machines creating additional security and continuity risks.
Update: your IT support and security solutions. Organisations should ensure their IT support and security operations can support a remote workforce, for example, optimising support infrastructure to assist remote workers and enable reporting of cyber-incidents and potential threats. With working patterns changing, employers should consider how support can be provided outside of usual working hours.
Consider: investing in enterprise-grade solutions such as those now being offered by some network providers. For example, Vodafone and TalkTalk are now offering enterprise solutions that implement enterprise broadband both in their offices and at their remote workers' homes under a single contract between the employer and network provider. This gives employees access to enterprise-level broadband and all the benefits that come with it, such as enhanced SLAs, access to continuity plans in the event of any outage, and a faster, more secure connection.
Conclusion
Organisations were forced to move fast to maintain business continuity when Covid-19 first struck, and have been largely successful in transitioning to different working practices. We've been less concerned with 'what ifs' and minor issues, and have focused on what is good enough for the day-to-day.
Now however, as we consider our working practices in the longer-term, we mustn't be complacent. A good first step would be to consider what we need to do to maintain and improve security and stability of our systems and practices.