Best practices for remote working

With the spread of Covid-19 gaining momentum, it’s impact gets closer to home day by day. Companies are being forced to take drastic measures to close offices which can have an impact on organisations that have not yet put the right tools in place.

Two weeks ago, I mentioned that companies should consider invoking a remote worker policy there and then, before the virus spreads out of control. With a wait and see approach, we now face a reality where entire countries such as Italy are under full quarantine, stock markets shut with trillions of dollars of wealth lost in just one week and no end in sight.

Working remotely can have it’s challenges though and I commend the digital leaders in the various verticals who have already addressed these needs. With the GDPR in effect, remote workers might be exposing organisations to risk that may not have been identified previously due to remote working previously being an exception as opposed to the norm.

The intention of this article is not to sell, but rather to consider. Below are some of my thoughts on how remote workers play a role in Business Continuity by maintaining productivity and still being secure:

VPN

• Whilst some say the WAN is the new LAN, there will always be several components that will need to be accessed behind VPN.
• Most SSL VPN providers provide licensing options based on number of maximum simultaneous instances. Having such an increase in usage may have an impact on bandwidth, licensing and performance. Ensure that Capacity Management of your solution is taken into consideration.
• Full device based VPN’s send all traffic from a device to the data center, so consider looking for a solution that does Per App VPN across all devices – Windows, macOS, iOS and Android.

Identity

• Without being on the corporate network and corporate device – you might be forced to authenticate differently.
• Entering credentials on an untrusted device is just not good practice – consider implementing an access policy with multi factor authentication.
• Even better, try and implement a solution with Single Sign On capabilities across all devices – Windows, macOS, iOS and Android.

Device Security

• Using a Windows personal device? Make sure that you have the latest Windows Updates installed, a respectable Anti Virus solution.
• For corporate devices, ensure that these updates are delivered over the air without impacting the access to your internal VPN. Remember, most of your users are working remotely now…

Application Access

• Some companies still install software from internal file shares, which are usually problematic over the WAN and VPN’s.
• Consider an application catalogue that provides a consistent over the air experience across all devices backed by a global CDN.

Zero Trust Framework

• Ensure that you can whitelist Users, Devices, Applications and Networks.

Emergency Notifications

• Consider the cost of sending out a mass text message to all employees. This can be pricey for companies with thousands of users.
• Consider having a system in place where you can notify users based on existing criteria, instantly over multiple channels.

Virtual Desktops

• As an emergency, some companies might be opening up security holes on high TCP ports to provide RDP access to Remote Desktop Servers to provide access to applications.
• This is not good practice and is vulnerable to port scans and brute force attacks.
• Consider deploying a VDI solution that can provide access to virtual desktops and applications over an encrypted channel.

Remote laptop delivery

• To avoid having employees travel to the office, have laptops shipped straight to the end user and have them enrol with an out of the box enrolment.
• Alternatively ship the device with the required image straight from factory with the required applications already installed on the laptop.
• The device can be joined offline to the domain and enrolled into a Unified Endpoint Management System

Access to Data

• Companies might have data on file shares for consistency and collaboration, which dictates the need for VPN to access internal servers.
• Consider having a solution that syncs files and folders across repositories and having group documents in online web based document library.
• Consider what happens to the data on the devices when the user leaves.

Instant Messaging

• It is important that employees can collaborate across virtual teams when not confined to the walls of an office.
• Consider having a solution that alerts users on multiple devices when mentioned, organises group conversations appropriately and most importantly – easy to use.
• This is important as users will probably be using this for most of their day.
• If using a cloud service, consider where this data is stored and how it is transmitted.

Conferencing

• It is important to have a great meeting experience.
• Ensure users can connect to meetings quickly – even external attendees.
• Investing in the right solution will pay off quickly due to reduced travel costs, especially if lost productivity is taken into consideration.
• Ensure that multiple audio options are provided, eg. Dial-in, Dial back, Computer Audio
• If authentication is required, make sure that Single Sign On is enabled across all devices. The last thing you want are Senior Execs connecting late to meetings because of authentication issues.
• If using a cloud service, consider where data is stored – especially conference recordings.
• For all day conferencing, consider using a USB speakerphone as opposed to headsets.
• Employee engagement is enhanced when attendees provide video as well as audio as a lot more is said with facial expression.
• Consider investing in a proper webcam positioned at eye level.
• This will provide a more natural way of working throughout the day.

Ergonomics

• For sustained remote working, it is best to have an ergonomic assessment of the home working area.
• Consider using an online tool which can guide users through the details.

Printing

• Offices would have had secure disposal bins but this is not available at home.
• If printouts are needed for corporate data at home – consider getting a cross cut shredder.

You may have noticed, but I have not mentioned any specific technology in this article, but rather the outcomes and capabilities required.

Stay safe people.

P.S. Wash your hands….

Stavros Charalambous

TOGAF, ITIL, Prince 2, Certified Scrum Master – currently helping VMware EUC customers achieve success with their Digital Workspace initiatives.