For a decade, work-from-home enthusiasts touted the benefits of a “Remote Workforce.” The benefits of…
- lower office expenditures
- less commute time
- and an overall increase in employee satisfaction
These all certainly warrant a discussion, but business and agency leaders as well as IT specialists are worried about the risk of a distributed workforce.
In the Spring of 2020, we were all asked to Shelter-In-Place (SIP) and work from home. Although we wrote this blog during the crisis, the lessons learned will remain relevant. These strategic lessons can be used by private businesses and by government agencies alike.
What happened to your organization in the Spring of 2020, and what lessons did you learn?
Are you fighting fires…or preventing them?
The first 72-hours of the COVID SIP divided business and government agencies into two teams—those fighting fires and those with an established fire prevention program. Or as we more often hear them called, reactive or proactive. Firefighting and fire prevention. Let’s take a look at both.
Although national news and social media quickly disseminated the intel on COVID-19 and the SIP mandate, some organizations were paralyzed, frozen in time. Internal communication was limited, and a public interface was non-existent. Chief information officers (CIOs) worried about the strength of their security protocols. Helpdesks remained inundated with service tickets.
On average, it took businesses with a reactive IT business model (fire fighters) up to two-weeks to rebound and pivot. The transition left both employees and customers, asking, “Where are you?” The answer is that the IT team was busy fighting fires.
In stark comparison, organizations with a Business Continuity Plan quickly shifted to become a robust Remote Workforce. Employees only needed to pick up their laptops, set up their office at home, and use the company’s secure VPN to continue work. Work and communication all flowed through a safe path. Leaders noted that employees faired well, knowing that their organization maintains a cohesive work and security plan.
In the COVID crisis, The Fire Prevention team moved forward while building confidence, and the Fire Fighters just struggled to put out fires.
The cornerstones of securing the remote workforce
In the first few weeks of the COVID crisis, IT professionals published tips for securing a remote workforce. They advised using business-specific devices, encryption, and Virtual Private Networks. This advice was beneficial but only a starting point. To indeed quell the cybersecurity risk of a distributed workforce, you must include three core competencies in your Continuance of Business Plan.
Put your plan in writing and distribute it to employees, team leaders, HR, and mentors
You must distribute your plan to ensure a smooth transition. Each team or employee may receive a version that is specific to the role that they play within the organization. Consider having each employee sign an Acceptable Use Policy to ensure that the secure methods of remote work are understood.
During a crisis, you will want to ensure that each employee can quickly review the plan and begin the steps to remote work. Consider that your physical office may not be accessible, and employees may depend on your intranet or cloud infrastructure for important information and updates.
Remote Workforce Training is Critical
You do not want your initial test of a Business Continuity Plan to be on the first day of a crisis. Schedule regular tests of your plan, including an “all work from home” day.
Managers and Team Leaders should also schedule training and policy reviews. The HR department should ensure that all new hires complete the continuance of business training.
Do not forget about third party threats
Do you employ contractors, freelancers, or even outsource your IT management? Each may unknowingly pose a threat.
Are they logging into your system from a public WiFi account or using software that poses a threat? If you are using a third party for IT management, know their security rating.
The MainSpring ProSuite model
During the initial weeks of the crisis, the MainSpring team reflected on the creation of ProSuite and the aspects specific to business continuity. We flipped through our ProSuite internal planning documents and found an excerpt written in 2019.
In 2019, our team did not know that a national crisis lurked around the next corner. We did not know that employees would quickly transfer their work environment from the office to their home. We had no idea that a crisis was about to tap everyone on the shoulder, and it would last for months.
A proactive IT model is never a bad idea
We did know that a proactive IT model would stave off negative impact, and we know the importance of testing and training.
In the Spring of 2020, our clients picked up their laptops and set-up a desk at home. The rare service ticket was quickly closed, and the pace of business moved forward for our clients.
The positive results are a testament to the execution of a continuous process improvement IT model, training, and risk management. As the nation slowly moves back to an adjusted normal, are you fighting fires…or preventing them?