The strategy to work from home is a valid, proportional response to a pandemic (and many other Disaster Recovery scenarios). The problem many businesses are facing is that though some employees can and do work from home, the vast majority of office-based employees don’t, aren’t equipped to and possibly shouldn’t. Therefore, this perceived panacea to the current situation needs further thought and practical scrutiny before firms roll it out across their entire workforce.
For over 20 years, I’ve worked with thousands of businesses on workplace continuity plans, and the following 5 key considerations must always be reviewed:
Devices and connectivity
If you are a laptop user, with a company mobile and data plan, you are a mobile user and can already work from home (or anywhere). If you are a ‘classic’ office-based worker, you probably have a desk phone with a switchboard extension or DDI and a desktop PC – you’re not set-up to work from home.
The company therefore needs to consider whether it’s technically possible for you to work from home. There are a few popular choices:
i) Equip users with a company-owned laptop, set-up by the IT dept
ii) Allow users to use their own devices and provide access to a virtual desktop
iii) Allow users to use their own devices to connect to their work desktop in the office
iv) Allow users to have work applications installed directly on their own devices (not recommended)
These solve the computing but not the network connectivity challenge. If you have home broadband then it’s not unreasonable to use that, along with a corporate VPN. If you don’t have broadband, then the business needs to buy it or equip staff with a MIFI 4G/5G dongle or phone.
This leads onto the broader question of communications. There are some great collaboration and messaging tools (e.g. Microsoft Teams or Slack) which also include video conferencing to provide important human interaction. However, for customer facing roles, you will need to consider how voice communications can be delivered remotely. If users don’t have a company mobile, they could use a home phone or personal mobile – but this leads to problems with bills for work-calls and the confidentiality of personal numbers being shared with customers.
The best solution is to use a to use a cloud-based, VoIP ‘soft phone’ using the internet to carry the calls. Users can make calls on their laptops remotely using just a headset as if they were in the office. Those that have used these will have experienced the frustration of calls occasionally breaking-up. If calls are internal then it’s tolerable, but for external calls to clients it’s not. Also, the risk of poor-quality voice-over-internet will increase as a result of additional home broadband utilisation.
If you’ve solved all of the problems listed above, you’re now able to use a desktop and make and receive calls. However, can you do everything you need to? Many firms use Office 365 and therefore email, office applications and shared documents can all be accessed with an internet connection.
However, there are a good number of firms that still use legacy applications. These either can’t or won’t easily run over the internet and therefore the options detailed above really need some thought. Remotely connecting to an office PC that can run the legacy application may be the only way, but then you’ve got a bit of tech prep-work and user training to factor into your response plans.
Let’s assume that 10-20% of staff normally work from home. You now face a scenario where it may be 50% (assuming you have split your office between home and office workers) or 100% if an office has closed. Your remote working technology, (routers, firewalls, VPNs) will probably not have been scoped for that capacity. Does your organisation have the infrastructure, network bandwidth and the licences to allow you to support the number of users?
Outside your firm’s own scope is that of the public networks – both internet and mobile. Nearly all personal and home communication networks work on a contended basis. We all share the available capacity. The best way to think about this is motorway traffic during rush hour where loads of people all going in the same direction at the same time creates bottlenecks. Speed and quality will be impacted if a large proportion of the working population are all using mobile and home broadband connections at the same time. The earlier choices of applications and voice solutions therefore need to consider the bandwidth requirement and minimise that wherever possible.
You might remember the BBC correspondent whose young child happily gate-crashed a live interview! In that case, he actually had an office where he worked from home. Many workers don’t have the luxury of an office. Younger workers in larger cities are likely to live in shared accommodation.
An Executive Board making decisions on home working will have a perspective based on their own home environment. For many the reality is very different, working on a dinner table, perched on a kitchen top, or working from their lap on a settee. These are OK for the odd few hours of post dinner email catch-up, but not for eight hours straight for weeks or months.
Firms have a Health and Safety obligation to their staff, wherever they work. In the office, staff may have particular chairs, RSI mitigation devices, anti-radiation screens etc. Most staff will be accommodating when at home, but some will need assistance so you should consider a simple home working self-assessment.
Security & Confidentiality
Finally, assuming all of the above can be overcome, there is a fundamental question to ask – are we allowed to work from home? Since the last pandemic outbreaks in the mid 00’s we have had fundamental reviews of data privacy regulations (GDPR, PCI etc). We have also learned from breaches that data is subject to compliance and oversight wherever it lives.
A worst-case example would be a homeworker, using their own PC; own mobile; working from a communal area in a shared flat; talking about and accessing company, personal and perhaps financial data. This method of working from home is simply not acceptable vs. the benefit.
This won’t apply to all staff, but for many firms it highlights the potential issues and for alternative methods to be considered or their function suspended. Some general advice for remote working security:
· Require passwords for all devices
· Enable MFA for all applications
· Encrypt all hard drives
· Lock devices if an incorrect password is inputted too many times
· Automatically log-out or lock devices after a period of inactivity
· Enable remote deletion or wipe capabilities
The government is planning the next phase of its response and firms are already enacting their Business Continuity plans. Whilst working from home is a well-trodden path, the reality for many is that it will be the devil in the detail that will make it a reality – or not.
Mike Osborne is Non-Executive Chairman at Databarracks