The Federal Council’s order to work from home where possible is the most widely discussed measure. Although it is certainly an effective step, it is important not to offer this option in haste or without adequate preparation and technical assurance. Rapid implementation of remote working is often associated with security concerns and significant risks for companies. Although the practice is widespread, working from home involves considerable organisational and technical effort – especially if all possible security, privacy and compliance guidelines are to be observed. Our IT specialists have put together a checklist for you to consider:
- Ensure that your Head of IT is part of the crisis management team.
- Do not make decisions in haste. Take a structured and cautious approach as you transition to home office. Avoid an uncontrolled situation.
- Ensure that secure remote connections (e.g. VPN) and secured individual access mechanisms are in place.
- Identify and prioritise the services and employees that are essential for safeguarding business continuity, operating core systems and maintaining business processes in the event of technical bottlenecks (e.g. licenses).
- Assess alternative technology solutions to maintain your business operations. Approach your IT partners and discuss ways to avoid undesired side effects.
- Inform your employees of the risks and threats associated with home office.
- Instruct your employees only to use a secure (NOT public) WPA2-protected wireless network.
- Update and patch your applications regularly.
- Ensure that your devices (and those being used by employees working from home) only run authorised applications and are protected by up-to-date software.
- Regularly provide your employees with information, awareness material, e-learning, etc. to ensure proper caution while working from home.
- Make sure you are protected in case an employee's device is compromised. Ensure that this device is immediately removed from your network and inform your people of what to do in a situation of this kind.
- Finally: Be sceptical. There are a lot of fake e-mails going around at the moment pretending to be from the authorities. Do not let yourself be misled. Contact IT or cyber security experts if you are uncertain.