Security, Technology, and Remote Best Practices During Crisis

Security, Technology, and Remote Best Practices During Crisis

Wizeline Security Lead, Jair Sandoval, shares the processes and mindset that have enabled Wizeline to implement remote work, both during the pandemic crisis and long before.

Almost overnight, COVID-19 hit several countries around the world, causing outrageous disruptions in the way businesses operate. Even after days became weeks, entire industries continued to struggle to transition to more flexible and remote-friendly operations. The coronavirus exposed what many businesses likely knew already—the world is not prepared for a pandemic, and not all companies were equipped for remote work. 

Wizeline was quick to move our offices to a remote work environment as the pandemic began. First and foremost, in an effort to protect our employees and communities, but also because it’s a transition we knew we could manage. We know this has not been the case for many businesses and wanted to take a moment to share our best practices for developing processes, leveraging various technologies, and fostering a remote work culture.

Decentralize Services

The first challenge that companies face when “social distancing,” is the need to transfer the operations to a work from home (WFH) model. Depending on the nature of each business and its internal tools and processes, this requires enabling additional infrastructure and applications or at least embracing new practices. 

For Wizeline, the key to a smooth transition is the decentralization of services. It means that when you work in a global environment with continual and dynamic interactions between coworkers, every user should be able to access company tools and services, regardless of the location or device used. 

Leverage the Cloud

The solution: cloud environments and SaaS applications. Cloud applications are services hosted by major infrastructure providers, and (usually) accessible 24/7. Nowadays, there is a cloud application for most business use cases, including e-commerce, databases, productivity, collaboration, finance, communication, among many more. Wizeline works with industry-leading cloud providers such as Amazon Web Services and Google Cloud Platform to power our team and power our client’s cloud capabilities.

Long before this crisis, Wizeline’s IT and security teams selected and implemented cloud applications that enabled the services our teams need. Every Wizeline employee has access to our IT help desk with Wizeline Self Service, where they can access password managers, request a VPN, or our HR-related services. Note—it’s important to do your due diligence and select reputable applications that are well-suited to the needs of your workforce. This IT helpdesk may sound like a big investment but the upfront work will pay dividends later on. We also encourage our employees to speak up if they identify a gap in our current toolset and to share their use case and desired tool with our IT team.

Be Agile & Flexibile

 Of course, allowing employees to request certain tools doesn’t mean you must grant all requests. However, your procurement, finance, or IT teams will start to notice patterns in user behavior, which can help redefine strategies, tools, and processes. The key is to keep your IT procurement processes agile and flexible to keep pace with the demands that crisis brings. 

If you cannot move your operations to a cloud environment in the short term, it is crucial to enable connectivity services for all employees. Connectivity services allow employees access to the company’s infrastructure from the employee’s homes without exposing the services to unauthorized entities. A VPN, (virtual private network), or Secure Shell (SSH) communications, are appropriate ways to do this. 

Finally, I recommend enabling a process for provisioning and de-provisioning tech infrastructure through your IT department. Some employees may need to take home additional hardware such as printers, dual monitors, or keyboards. A good way to prepare the company for “technology decentralization” is by providing employees with laptops instead of fixed desktops and workstations. It becomes easier to adopt WFH practices when your team is set up for mobility and flexibility.

Adapt Processes

The crisis has disrupted critical activities such as onboarding or training services that are best performed in-person. But social distancing demands that we adapt our processes.

Let’s take onboarding, for example. When a new employee enters the company, it is nice, and some would say necessary, to engage them during the process by taking them to lunch, giving a tour of the office, or attending in-person training sessions. The essential experience of most hiring processes is grounded in interactions between employees.

At Wizeline, we made all onboarding sessions fully virtual. Our new hires over the last month or so all completed their Wizeline onboarding sessions via Zoom conference calls and signed their new hire paperwork via DocuSign. We even established a process for delivering laptops to new employees. The IT Team established a rotation schedule and created a new procedure for receiving and mailing devices, all while taking serious sanitation measures (gloves, masks, hand washing).

All the adaptations required to run your processes remotely must be documented in a Business Continuity Plan (BCP). A BCP assesses the potential impact of disaster situations and outlines the procedures to respond in the most efficient way. The main goal is to continue with business operations with the least possible impact. A proper BCP should contain: 

  • Goals, scope, and objectives
  • Roles and responsibilities
  • Policies and procedures to keep operations flowing
  • Alternate work sites (or WFH policy)
  • Data and site backup plans
  • Maintenance protocols
  • Communication plans (internal and external)
  • Emergency contacts

As the leader of a process or organization, it is crucial to maintain constant communication with your team and stakeholders. New processes are only as strong as their documentation, communication plan, and how well they are adhered to by leaders in the organization.

Manage Customer Expectations

Ultimately, the most significant responsibility is to maintain the trust and reliability of your customers. While your customers are figuring out how to deal with the crisis themselves, it is important to demonstrate that you are ready for these situations from the beginning. Your customers should know that you will continue supporting their services and requirements.

At Wizeline, our first rule is to keep constant communication. Scheduled communications should not be canceled. In fact, it may be necessary to increase communications to track the overall progress of projects and ensure that the crisis will not impact the customer relationship and milestones. Above all, be transparent in your communications so customers are not taken by surprise if their activities are impacted and your ongoing development project needs replanning.

From a project management standpoint, over-communicating is essential to keeping the project on track. It may also be necessary to enable the appropriate technologies to continue measuring the performance of your client account team remotely and prevent any issues in the future.

Make the Investment

Don’t slack on security. Hackers are taking advantage of the situation to expose company infrastructure through staff computers. For example, socially engineered email attacks on businesses have spiked under COVID-19. These emails steal money and data by impersonating the CDC, WHO, and similar reputable agencies, claiming to provide useful health information but include attachments that infect target systems with malware or steal account credentials. Protecting email communications is imperative. What can you do? Conduct ongoing security training and awareness, and adapt the security strategy of the company to these new realities.

A pandemic is rare and unforeseen, but if you implement best practices rooted in cybersecurity, business continuity, and crisis management, you will be ready if and when the next crisis strikes. During a crisis, companies are as stable as their core processes and practices. This crisis is an opportunity for all of us to strengthen our internal procedures and transform the company into one that can thrive in the digital age.

Be safe. 

I am hosting a webinar on cybersecurity and remote work in the coming weeks, and I would be honored if you joined the conversation. Reach out to me if you’d like to attend and I will send you an invite. 

Jair Sandoval, Wizeline Security Lead
Jair Sandoval, Wizeline Security Lead

Nellie Luna

Posted by Nellie Luna on April 15, 2020