COVID-19 is forcing companies around the globe to keep their staff away from the office. Luckily, IT in 2020 has become agile enough to provide the circumstances that most of the work can be done from the comfort of one's own home. However, this may not be as trivial for IT operations as it might seem.
EclecticIQ’s Head of IT & Security shares insights from his team and tips for ensuring that your organization is prepared to have your staff work from home (WFH) in the coming weeks.
In most companies, IT is what we like to call "the oil in the engine": It's everywhere and helps to keep the parts of the machine in motion. As with a real engine, good oil leads to all parts moving smoothly. Our colleagues from the Fusion Center have already warned for COVID-19 related malware and phising attempts in another blog post. However, a word of caution also goes for "free tool offerings" that are probably flooding your inbox right now. Here you should keep an important rule for any kind of cloud strategy in mind: it's always easy to jump at a new solution, but don’t start introducing and piling up seemingly useful cloud tools unless you are convinced that they will really benefit your organization.
The Home Setup
One of the prevention methods for COVID-19 is a good personal hygiene routine. The same goes more or less for doing proper work from home setups:
Invest in a good microphone and/or webcam so colleagues can hear and see you clearly during remote meetings. If your employer does not want to reimburse these, see this as an opportunity to invest professionally in yourself. For webcams we'd recommend (and issue) the Logitech Brio or Logitech C920s. For headphones you can go all out fancy with the Bose NC700 but the more budget friendly Sony WH-CH700N will also do fine (FYI, we have no affiliation with any of the brands above, we merely want to provide you with useful recommendations).
Have a routine in the morning: Sure all day in PJs may seem like heaven at first, but it's a bad routine if maintained. Get up, dress up & show up. Eat healthy and make sure to get away from the screen often by even just doing simple walks around the house.
If possible in your situation, make sure you have a dedicated room where you can work as distraction free as possible.
Everyone understands that this is a special situation. If you are in a video conference with an important customer, they surely will understand when a pet walks in the room or your toddler comes in looking for his or her favorite toy. We're all in the same boat right now!
IT Department Checklist
The IT side of things requires a bit more planning in order to get the transition from office to large-scale WFH culture right: After all a happy worker is a productive worker!
Make sure that you have enough IT assets in stock. Naturally, Amazon next-day delivery is tempting – also from a cost-saving perspective - to keep stocks as low as possible. However, we advise to always have a pile of laptops handy just-in-case.
Make sure that prior to introducing a WFH policy you have verified that your VPN infrastructure can handle all that traffic. VPN traffic can be CPU intensive, so make sure your infrastructure, as well as the bandwidth towards the VPN infrastructure, is adequate and tested. An untested configuration is a bad configuration!
If you are using an MDM configuration only configure it to push security-critical updates and also only for the time being: Not everyone has a 1000/1000 Mbit fibre connection at home.
If you have a dedicated team for IT Operations that is needed on-site, we advise to disperse them in a roll-call scheme: One half at the office, the other half working from home. If a team member gets infected by the Coronavirus and needs to get quarantined, you still have spare personnel to keep the factory running.
Capacity monitoring is key: Make sure you have a set escalation path to increase capacity where needed.
Colleagues get more relaxed when they are working from home and this opens up opportunities for phishing attempts and malware infections: Make sure you keep a good eye on those logfiles at the SIEM and observables in your Threat Intelligence Platform, if you have one. Further, keep reminding your staff about being on their toes and look out for lure emails such as phishing attempts.
At EclecticIQ we have had a work-from-home friendly environment since our early days and these are some of the lessons we have learned along the way. This is a new situation for everyone, so try to stay calm when things aren’t working as they should. We hope that our tips will help you in achieving success in the transition to 'full WFH'.
We hope you enjoyed this post. Subscribe to our blog for more interesting reads on Cyber Threat Intelligence or check out our resource section for whitepapers, threat analysis reports and more.