A remote workforce can bring amazing benefits to your company - increased productivity and engagement, decreased overhead, and improved work-life balance for your employees. But with these benefits comes the need for a different kind of planning when it comes to topics like security and business continuity.
Here's a checklist to help you plan for and manage a remote workforce. All of the listed items are suggestions that you can keep in mind as you implement a remote workforce or create a work-from-home policy within your company. Keep in mind this isn't an exhaustive list, but it should definitely help get you started with the right frame of mind to achieve a desirable outcome.
Working from Home
Your first priority should be ensuring that your employees have the ability to access company resources securely from home - since it's probably the space outside the office they will be mostly likely to use.
- Do your employees connect to company resources through a VPN (virtual private network)?
- Do your employees have access to a secure gateway (such as a Citrix portal)?
- When your employees log directly into cloud applications, like Office 365, is MFA enabled?
Because human error causes about 88% of data breaches, you have to make sure your security is always at the forefront of your employees' minds.
- Have you defined a remote access policy - that is, can employees work from anywhere or only from their private wifi at home? Do you control and review those methods?
- Do you govern remote access to systems and data for contract or temp workers?
- Do you control and monitor third-party accounts, such as those for vendors, that have remote access capability?
If you aren't using any cloud services yet, now might be the time to get started. 94% of businesses use some form of a cloud solution, and it's important to put some thought into which ones you use and how you'll manage them.
- Do you use cloud management controls to make sure your data is secure and compliant with industry standards?
- Does your cloud security architecture support your technology strategy - i.e., is it scalable and flexible?
Migrating and implementing cloud solutions can be a very complicated job. If you're not sure where to start when it comes to cloud solutions, checking out the Pros and Cons is a great place to start.
Business Continuity and Disaster Recovery
With everyone away from the office, maybe even in different time zones, a disaster takes on a whole new set of challenges. By making sure you have a clear plan, you can be ready for anything.
- Do your business continuity and disaster recovery plans include internal and external factors - power outages, internet service disruptions, and employee absences?
- Have you identified all of your orgs critical systems?
- In case of a emergency, do you have temporary roles for employees who may not be able to accomplish their everyday tasks? And are all employees aware of their responsibilities in case of an emergency?
- Have you made specific goals on how long it will take you to recover (Recovery Time Objectives) and what that recovery looks like (Recovery Point Objectives)?
- Do you debrief each time you use your DR plan, and keep it updated as business needs and technologies change?
Physical and Environmental Safety
While physical and environmental threats are location-specific, it’s crucial to make sure both office staff and remote workers are aware of the dangers in their particular area.
- Does your company facilitate physical and environmental safety controls such as first-aid and fire suppression?
- Are your remote workers located in areas with environmental dangers? For example, do you have employees located in hurricane-prone areas or areas vulnerable to fires? What measures are in place to ensure their safety and secure their work devices?
- Do you have a protocol in place for managing the work of employees experiencing an environmental disaster?
- Are company devices with private data in a safe physical environment, safeguarded from theft or destruction?
This list is a great place to start because not only do you need to answer some of these critical questions to achieve a good baseline, they should also generate more questions. Once you've tackled everything, you should feel confident that your business will weather any storm - literal or figurative!