A remote workforce can bring amazing benefits to your company - increased productivity and engagement, decreased overhead, and improved work-life balance for your employees. But with these benefits comes the need for a different kind of planning when it comes to topics like security and business continuity.
Here's a checklist to help you plan for and manage a remote workforce. All of the listed items are suggestions that you can keep in mind as you implement a remote workforce or create a work-from-home policy within your company. Keep in mind this isn't an exhaustive list, but it should definitely help get you started with the right frame of mind to achieve a desirable outcome.
Working from Home
Your first priority should be ensuring that your employees have the ability to access company resources securely from home - since it's probably the space outside the office they will be mostly likely to use.
Do your employees connect to company resources through a VPN (virtual private network)?
Do your employees have access to a secure gateway (such as a Citrix portal)?
When your employees log directly into cloud applications, like Office 365, is MFA enabled?
Because human error causes about 88% of data breaches, you have to make sure your security is always at the forefront of your employees' minds.
Have you defined a remote access policy - that is, can employees work from anywhere or only from their private wifi at home? Do you control and review those methods?
Do you govern remote access to systems and data for contract or temp workers?
Do you control and monitor third-party accounts, such as those for vendors, that have remote access capability?
If you aren't using any cloud services yet, now might be the time to get started. 94% of businesses use some form of a cloud solution, and it's important to put some thought into which ones you use and how you'll manage them.
Do you use cloud management controls to make sure your data is secure and compliant with industry standards?
Does your cloud security architecture support your technology strategy - i.e., is it scalable and flexible?
Migrating and implementing cloud solutions can be a very complicated job. If you're not sure where to start when it comes to cloud solutions, checking out the Pros and Cons is a great place to start.
Business Continuity and Disaster Recovery
With everyone away from the office, maybe even in different time zones, a disaster takes on a whole new set of challenges. By making sure you have a clear plan, you can be ready for anything.
Do your business continuity and disaster recovery plans include internal and external factors - power outages, internet service disruptions, and employee absences?
Have you identified all of your orgs critical systems?
In case of a emergency, do you have temporary roles for employees who may not be able to accomplish their everyday tasks? And are all employees aware of their responsibilities in case of an emergency?
Have you made specific goals on how long it will take you to recover (Recovery Time Objectives) and what that recovery looks like (Recovery Point Objectives)?
Do you debrief each time you use your DR plan, and keep it updated as business needs and technologies change?
Physical and Environmental Safety
While physical and environmental threats are location-specific, it’s crucial to make sure both office staff and remote workers are aware of the dangers in their particular area.
Does your company facilitate physical and environmental safety controls such as first-aid and fire suppression?
Are your remote workers located in areas with environmental dangers? For example, do you have employees located in hurricane-prone areas or areas vulnerable to fires? What measures are in place to ensure their safety and secure their work devices?
Do you have a protocol in place for managing the work of employees experiencing an environmental disaster?
Are company devices with private data in a safe physical environment, safeguarded from theft or destruction?
This list is a great place to start because not only do you need to answer some of these critical questions to achieve a good baseline, they should also generate more questions. Once you've tackled everything, you should feel confident that your business will weather any storm - literal or figurative!