The past 15 months has witnessed a monumental upheaval of corporate IT usage, in terms of where data is being accessed from, who is accessing it, and how it’s being accessed.
Fortunately, the tough times are coming to an end, but there is still much to consider. As the UK Government allows companies to transition their workforces from the home back to centralised locations, firms need to undertake a series of operational steps to ensure that their data is secure, and normal service is resumed.
Table of Contents
When you asked your staff to work from home, you likely had to enact some emergency procedural and policy changes that facilitated new ways of accessing your network.
These will now need to be reviewed on a policy-by-policy basis and either removed or adhered to, as is necessary. Policies may not be limited to outlining what is expected of staff whilst they work from home, but could also extend to allowing the use of personal devices (laptops, tablets, mobiles etc.).
Your policies will likely revolve around the use of laptops, so focus on this specific asset set first. Go back over the list of protocols and procedures you have issues since March 2020. Ask yourself which ones may be necessary moving forward, or which ones you can adapt for future use. It may even be a good time to re-draft your entire company IT policy, depending on how disruptive the pandemic has been to your organisation.
Company IT Meeting
Once you’ve looked over the policy landscape, arrange a company wide meeting (or a series of departmental meetings) to brief employees on how they will be expected to conduct themselves in accordance with any policy or procedural changes, following the move back to the office.
You can also use this meeting to offer a more general retrospective analysis of how the pandemic affected your workforce and stage a discussion forum amongst staff to bounce around ideas on what went right, what went wrong, and what methods of working can be adapted to the post-COVID workplace.
Employees value clear and concise managerial communication, more so when it comes to IT. Make sure you have draft policies to hand, and clearly highlight where practices are changing, and to what extent. Staff need to understand that IT procedures may have been relaxed throughout the pandemic, but that it’s now business as usual from a security and compliance perspective whenever they are in the office.
The number one priority of any corporate IT policy is to protect two things – assets and data. Depending on how your company was affected by series of UK Government lockdowns, there will be a multitude of hardware assets across your estate that are either not being used for their intended purpose or have been distributed to home locations without the requisite level of security and/or monitoring that onsite assets benefit from.
Once your staff are back in the office, conduct a full asset check based on your most up to date asset register. You can either perform this function yourself, or ask your IT support provider to carry it out for you (there may be a fee for this).
Make sure you follow up on any missing items and categorise two major fields for each individual asset you have retained – where it’s been used, and where it is now located.
As hardware requires categorising and validating, so too does software. Conducting a software audit is, however, a much bigger task. Think about every laptop, PC and phone that’s resident on your network. Now think of the multitude of software applications that could be installed on each one. A software audit lists all of this.
Before you conduct an audit, consult with management and ascertain what applications should stay on your network. Break the audit down into sanctioned and non-sanctioned (as in, what your previous policy allowed) software types.
There are easy ways to carry out software audits, and there are hard ways. As with a hardware audit, it may be best to enlist the help of your IT support provider. If they have monitoring software on your company assets, it can be a relatively straightforward exercise
Once you’ve completed a hardware and software audit, you need to begin the task of returning your company assets to a desired state (i.e with only certain programs and apps installed). From a security perspective, it is vital to ensure that users only have access to the apps and programs they require to do their job, and that these apps and programs are sanctioned by and compliant with national (eg. CyberEssentials) and global security protocols.
Crucially, this also involves auditing user permissions across your network. During the pandemic, with workforces in a state of flux, various employees may have needed access to levels of permissions that are no longer necessary. For SMEs, the best way to achieve this is to access each user’s permission level across all the apps and domains they use, granularly analyse each set of permissions, and make amendments accordingly.
Lastly, offer some refresher training to your staff, ideally in a classroom environment. You may have delivered some ad-hoc training to your workforce whilst staff were working from home, but there’s no substitute to getting staff in a socially distanced classroom environment (where appropriate), and keeping them up to speed with company developments.
Use the session to go back over any changes to your IT policy, list any new programs you’ve sanctioned for use and hammer home the need to be conscientious employees from a security perspective.
Let Us Help
totality services are a London-based IT company who can offer a helping hand to any businesses in the capital looking to transition all or part of their workforce back to the office.
We can assist with hardware and software audits, security, training or procurement.