By Grant Auld (IT Service Provider)
A lot of companies were ill-prepared for the Lockdown declared by our President, especially with regards to the IT infrastructure required to support work from home. With many needing to continue working during the Lockdown there was a mad scramble to get this enabled and most of the solutions were temporary or patch solutions. In most instances this is not secure nor is it a robust solution.
Those companies who already had a secure and robust system and a policy for their remote workforce in place were able to continue operating from home with minimal disruption.
I would like to encourage all companies (irrespective of the size of the remote workforce) to address their remote access arrangements as a matter of urgency. Although we all look forward to the lifting of Lockdown restrictions, it is likely that these will be lifted on a phased basis and that there could be further restrictions at times in the future.
If the remote workforce is unable to get physical access to the office for whatever reason (prolonged shutdown, transport limitations, pandemic etc) the company’s IT system can continue uninterrupted with the appropriate systems in place. A robust system consists of two main components; a secure Virtual Private Network (VPN) and a reliable server enabled for remote operation.
Security & VPN
This is the most important aspect to be addressed as once the network is connected to the Internet. There is always going to be some undesirable element out on the Internet who wants to gain unauthorised access to your system. The first gateway between the Internet and a company’s internal system should be a firewall, which is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. As long as the firewall has been setup correctly, it will protect your company network from unauthorised and malicious access. Another function of the firewall is to offer Virtual Private Network (VPN) access to the network based on a secure password and pre-shared key. This offers you a secure, encrypted connection between the remote computers at home and the company network. This is vital to protect the network from unauthorised and undesirable access.
Remote Desktop Server
Once you have connected to the company network via the VPN, you will need to log onto a computer to access your server based applications and data. The recommended method is via a Remote Desktop Server. This is a server which is configured to run multiple remote users simultaneously allowing them to work as if they were in the office. One of the main benefits of this system is that the company data never leaves the company premises, so the integrity and confidentiality of the data is maintained.
While there are other ways of achieving a similar result, they are not as robust and require a lot more maintenance and attention to get them working and to keep them working. If the company premises are not accessible, then a robust system is the only option to keep the IT workforce functioning remotely.
This is a very good option especially from a remote operations perspective.
Great advances have been made in Cloud based applications, such as the Xero accounting platform. These platforms do away with the need for a local server and offer robust solutions where access to physical premises is limited. They also allow for secure access by multiple parties irrespective of location, which is an advantage even in normal operating conditions.
Cloud based servers replace the need for a physical server at the company’s premises and will generally be housed in a data centre which is very secure, has multiple power backup systems in place and has multiple internet connections offering redundancy and a robust connectivity experience. The disadvantage to this solution is that during normal company operations all work will be done via the internet so if the company internet connection is interrupted for any reason, then the workforce will be unable to perform their function. If a company has more than one geographical location, then the cloud solution is ideal.
Backups need to be maintained during this period and at least a two tier strategy should be deployed. The first will be a physical backup device located on site. The second is a cloud based backup system. The cloud option gives the additional security in the event of a natural disaster like fire or flooding, theft of equipment or a ransomware attack on the server. The backups need to be checked daily to ensure the backups are in fact successful and that they are restorable when required.
It is essential that the server and every workstation, whether local or remote, has robust antivirus protection installed which is regularly updated. This adds a further level of security against unwanted attacks from the outside world, including malicious internet sites and emails.
With the pace that arrangements were made in the lead up to the Lockdown, many remote workstations will have been set up without the usual protocols have been followed. Further, some of the remote workforce may be using their personal computers and laptops to access the network and this equipment may not have been subject to the same policies as would normally be applied by the company. This could result in viruses, malware or worse being introduced into the company network which would cause severe disruption
It is recommended that an inventory is done of each workstation that is being used for remote work to confirm that appropriate antivirus software is in place.
Some of our clients had to scramble to find laptops that could be used as remote workstations at home and there is currently a limited supply of new equipment. In some instances, obsolete equipment has been brought back into service as a stop-gap measure out of sheer necessity. As the need for work from home is likely to be with us for some time, it is recommended that an inventory of equipment be prepared itemising the age and specification of the hardware that has been deployed. This should include employee’s personal equipment that is now being used for work. It may well not be possible to procure new hardware in the short term, but plans should be put in place to at least have some backup hardware available in case of hardware failures.
To summarise, a company’s policy for remote operation of the workforce should require the following as a minimum;
- Secure connection to the network using a VPN;
- Server which allows for multiple users to operate simultaneously;
- Reliable daily backups to more than one location;
- Antivirus protection; and
- Physical hardware contingency plans.
A remote workforce plan and policy will ensure your company’s ability to withstand forces out of your control. This should form part of your disaster recovery plan which will cover any eventuality including a lockdown pandemic.