The New Normal: Balancing Security and Telework

The New Normal: Balancing Security and Telework

I used to write about things like disaster preparedness, business continuity, and cyber-security, but in light of the events of the last four months, I think I can safely say this unexpected crisis warrants a different approach in selecting what to write about. The COVID-19 coronavirus pandemic has changed the world in the way we socialize and work together.  I have been part of some forward-thinking organizations during my career and as such, creating a secure and sustainable remote work-capable infrastructure was nothing new to me.  What is surprising is how quickly telecommuting has become the new normal.

Things like being prepared for disaster with proper backups and making sure you are doing your due diligence in terms of cyber-security, firewalls and everything else you employ to secure your network goes without saying.  What catches some people by surprise is the concept of BYOD, or using your personal equipment to do company work.  As is true with so many things in technology or in life in general, a compromise or a hybrid solution is in order.  With many corporate functions being served via cloud-hosted, web browser accessible programs, allowing the use of personal equipment is a reasonable expectation.  Draw the line at allowing non-company owned equipment on your corporate network.  If corporate network access is required, require corporate-owned assets to allow access. And by all means, use a reputable and reliable VPN.  That is the only way to safely and securely allow people to access the corporate network from anywhere with internet access.

So to recap some of the basic security requirements, first, personal devices should only be allowed when accessing cloud-based, browser-based apps, and never on the corporate network. Second, a VPN should be the only way to access the corporate network when not within company facilities, and again, only company-owned computing devices should be used in this way.  People are the weakest link in any security program so regular ongoing security awareness training is a good idea to keep staff on their toes in regards to phishing, spear-phishing, and other social engineering exploits. Standardize the communications applications in use, make sure they are sanctioned by your IT department, and then train users on effective and appropriate use. 

And in these unprecedented times, make use of the video chat and meetings option frequently and intentionally.  One of the recurring themes from several conferences I have recently attended is the need to maintain our human connections both at work and outside of our jobs.  We can use technology to do this, but it does take some intentionality.  Part of that message is to build that human connection with your staff, colleagues, and your customers, especially during these trying and stressful times.  Seeing one another via video helps bridge the gap between just a phone call and a face to face meeting in real life.  Build-in time in your meetings to allow for general conversations, like those that might occur in the hallway, water fountain, or breakroom. While not everyone enjoys being on camera, encourage those shyer folks just to turn it on even for a few minutes so you can see their smiling face.  While mandating camera use has been done (there was one company that said “If you’re not on camera, you’re not in attendance”), encouraging users by making it a part of your culture will work better rather than a mandate.

Some other things I have observed during the crisis: I recall my parents and grandparents being very conscientious about handwashing. This was because, before the advent of antibiotics, any little infection could kill you. So good hygiene has always been important; perhaps we just got lazy with a relaxed attitude toward infection. Going out when you were sick was also very much against the social norm, likely for the same aforementioned reason. Perhaps this attention to cleanliness is a good thing.  Now, when people meet, there is a stronger appreciation for that human connection.  We have a shared story that reaches every single person in the world. It crosses every previously existing (and likely imaginary) boundary. Shared stories create community and empower us to connect in deeper ways with our global community.  Let’s make this insane year of 2020 the year that we draw closer as a people, using technology for good.

I would tell you my favorite COVID-19 joke but my IT Team decided that during the crisis we would only tell “inside jokes”.


Chuck has worked in information technology for thirty years in various roles including technician, sysadmin, and director/CTO. He has worked in K12, nonprofit, and most recently in public service to parks and recreation districts.  He has expertise with disaster recovery/business continuity, infrastructure as a service (IaaS), cloud computing, virtualization, and security. He is platform agnostic, believing in providing the best tool for the job.  When not working, he can be found playing piano jazz music with friends and family.