In my previous post, Can Technology Help During a Pandemic?, I talked about the importance of creating a culture of trust as the central pillar both at the employee-side and at the organization-side when it comes to working from home. As the coronavirus pandemic continues to spread across the globe, it has become abundantly clear that having employees work from home is not a luxury but a necessity.
During this time, it is incumbent upon organizations to understand that business processes, business continuity, and information security are a priority for the entire organization. This recognition of priority is both refreshing and stressful at the same time. It is refreshing because it is no longer just IT’s job to do these but it has become an effort for the entire organization as it should be. It is stressful because there is a learning curve that requires time, patience and adjustment.
In regards to business processes,
- Organizations should not assume that working from home is business as usual. It is not. In fact, this is the opportune time to see which business processes and IT processes were overkill. It is also the time to reduce and eliminate steps in the business processes and IT processes that are redundant, obsolete and wasteful. One way to do this is to map all the processes that occur in your organization and link them directly to organizational objectives with metrics.
- Organizations need to understand which of their business processes and IT processes are dependent directly and indirectly on vendors. One way to do this is to imagine what would happen if one or all of their vendors went out of business. What would the organization do if this happens, how fast organizations can recover from it, what would be budget for this, etc?
- It should be noted that the business processes and IT processes that are documented might not even be followed. This would also mean that some of these would be ad-hoc and be highly dependent upon only the people who knew them in their heads.
In regards to business continuity,
- Organizations should not assume that just because they have it on paper that it is implementable. This is where organizations that planned, tested and improved would outshine others. It should also be noted that IT plans are not to make IT people look smart, but in fact, are needed and thus appropriate budgets should be available to do this.
- Organizations need to see themselves as holistic entities with multiple moving parts and each part needs attention. Organizations need to be proactive and be prepared to start from scratch. Optimize, automate, adjust and repeat.
In regards to information security,
- Organizations should not assume that employees’ home/personal computers/devices have the same level of security protections as work computers/devices. At home, there are multiple points of vulnerabilities from weak wi-fi and computers/devices passwords to older versions of software, lack of antivirus and lack of antimalware. One way to address this would be to provide every employee with computers/devices from work that adheres to security guidelines. Another way would be to reimburse employees for purchase/update of software, antivirus and antimalware. The physical security of computers/devices also needs to be addressed.
- Organizations need to outsource to keep up with the security demands of VPN and Cloud but they also need to have their due diligence tougher and faster. One way to do this is to have a preselected vendor list. Another way is to have references from the past 5 years of potential vendors directly from their clients and learn what did the potential vendors learned from their mistakes.
- Security training should be considered future-proofing rather than a time-sucking activity. Also, any organizational leaders that think security is an add-on after the fact have already missed the boat and have opened their entire organization for trouble.
Now, that we have a clear view of what needs to happen during and after this global pandemic, organizations need to ask the following questions when their employees are working from home.
- Who are the most important front-line employees of your organization?
- What areas are being addressed when it comes to working from home?
- Where is your data and processes being captured, stored and retrieved?
- When do data and processes become vulnerable?
- When do data and processes become vulnerable?
- Who should be the most important front-line employees of your organization?
- What areas should be addressed when it comes to working from home?
- Where should your data and processes be captured, stored and retrieved?
- When should data and processes become vulnerable?
- Why working from home should be important?
Originally published at http://arsalankhan.com on April 14, 2020.