1. Make sure your users have everything they need
It's without a doubt the most important. Not only does it ensure your users are happy (productive) remote-workers, it means they don't revert to finding their own uncontrolled or 'shadow' solutions to their problems (we will come to shadow solutions in a minute or so).
If users genuinely can’t do their job without access to server X or to system Y, then there’s no point in sending them off to work from home without access to X and Y.
Make sure you have got your chosen remote access solution working reliably first – force it on yourself! – before expecting your users to adopt it.
If there are any differences between what they might be used to and what they are going to get, explain the difference clearly and don’t leave them to find that out on their own. They’ll not only be annoyed, but will probably also try to make up their own tricks for bypassing the problem, such as asking colleagues to upload files to private accounts instead of using a storage system they thought they would have had access to remotely.
If you’re the user, try to be understanding if there are things you used to be able do in the office that you have to manage without at home.
This is an excellent opportunity to really evaluate what software you are using in your business and if there are a lot of business-critical tasks you aren't able to complete because you aren't in the office then I hate to break it to you - it's not 1996 anymore! It's 2020 and the cloud is here in a big way
To see how cloud technology can empower your business today, check out our post
on our favourite remote-working software.
2. Make sure you can see what your users are doing
Don’t just leave your users to their own devices (literally or figuratively).
If you’ve set up automatic updating for them, make sure you also have a way to check that it’s working, and be prepared to spend time online helping them fix things if they go wrong. If any of their systems or software has produced warnings or errors that you know they will have seen, make sure you review those warnings too, and let your users know what they mean and what you expect them to do about any issues that may arise.
Don’t patronise your users, because no one likes that; but don’t leave them to fend for themselves either – show them a bit of cybersecurity love and you are very likely to find that they repay it.
3. Make sure they have somewhere to report security issues
If you haven’t already, set up an easily remembered email address, such as email@example.com, where users can report security issues quickly and easily.
Remember that a lot of cyberattacks succeed because the crooks try over and over again until one user makes an innocent mistake – so if the first person to see a new threat has somewhere to report it where they know they won’t be judged or criticised (or, worse still, ignored), they’ll end up helping everyone else.
Teach your users – in fact, this goes for office-based staff as well as remote-workers – only to reach out to you for cybersecurity assistance by using the email address or phone number you gave them. (Consider snail-mailing them a card or a sticker with the details printed on it.)
If they never make contact using links or phone numbers supplied by email, they they are very much less likely to get scammed or phished.
4. Keep shadow IT out of the shadow
Shadow IT is where non-IT staff find their own ways of solving technical problems, for convenience or speed. If you have colleagues who are used to working together in the office, but who end up flung apart and unable to meet up, it’s quite likely that they might come up with their own ways of collaborating online – using tools they’ve never tried before.
Sometimes, you might even be happy for them to do this, if it’s a cheap and happy way of boosting team dynamics. For example, they might open an account with an online white-boarding service – perhaps even one you trust perfectly well – on their own payment card and plan to claim it back later.
The first risk everyone thinks about in cases like this is, “What if they make a security blunder or leak data they shouldn’t?”
But there’s another problem that lots of companies forget about, namely: what if, instead of being a security disaster, it’s a conspicuous success? A temporary solution put in place to deal with a public health issue might turn into an important part of the company’s online presence and so make sure you know whose credit card it’s charged to, and make sure you can get access to the account if the person who originally created it forgets the password, or cancels their card.
So-called “shadow IT” isn’t just a risk if it goes wrong – it can turn into a complicated liability if it goes right!
Most of all, if you and your users suddenly need to get into remote-working, be prepared to meet each other half way.
For example, if you’re the user, and your IT team suddenly insists that you start using a password manager and 2FA (those second-factor login codes you have to type in every time) then just say “Sure,” even if you hate 2FA and have avoided it in your personal life because you find it inconvenient.
Likewise if you’re the IT admin, don’t ignore your users, even if they ask questions you think they should know the answer to by now, or if they ask for something you’ve already said No to, because it might very well be that they’re asking because you didn’t explain clearly the first time, or because the feature they need really is important to doing their job properly.
We’re living in tricky times, so try not to let matters of public health cause the sort of friction that gets in the way of doing cybersecurity properly. And if you need assistance with any of this, join our partners in empowering their businesses with our intelligent solutions.