From the employee’s point of view, do they have adequate infrastructure at home to work remotely?
- Are their internet speeds fast enough? When subscribing to a service, most users are looking for fast download speeds so they can stream content, but for a work from home scenario, the upload speeds are critical, too.
- What is their bandwidth cap? If one or more parents are working from home, kids are doing online learning because schools have closed (There are several instances of this.) and they are still streaming all of their TV and movies. That bandwidth cap can seem very small, and going over it can be costly.
- Is there a good area to work in? A desk for most jobs is optimal, but if both parents are working from home and the kids are doing online learning, then finding enough well-suited quiet places can be a challenge. Is everyone around the kitchen table?
From the organization's point of view, is the infrastructure in place to support a remote workforce?
- Do employees have adequate resources to enable working from home? Laptops, chargers, headsets, remote desktop environments, VPNs, messaging, and phones?
- If all internal assets are over VPN, will it support the entire workforce connected at once?
- Is all internet traffic being forced over the VPN, and will employees be able to access home resources like printers?
- Can employees access hosted cloud-based applications when not on the VPN? Are they able to use shared office suites and cloud storage accounts to share and collaborate on documents?
- For remote workstation setups, can the servers keep up with demand? Is the latency low enough so the system is usable?
- How will employees communicate? Do all employees have access to web and audio conferencing accounts? Are chat programs in place?
- Do you still use printers and need to file hard copies of documents?
- Are you reimbursing any extra costs? What if an employee goes over their internet cap or cell phone usage?
Assuming the organization has everything in place, what are the additional security risks?
- Most home networks are not secure. It is estimated that most broadband connected homes have over 20 connected devices when you consider phones, laptops, thermostats, cameras, doorbells, Wi-Fi access points, modems, TVs, etc. Many of these are neither secure nor updated regularly.
- How are the organizations assets being secured? Do all of your security controls assume that the asset is on the internal network or VPN for most hours of the day?
- Is AV and Malware detection being updated remotely?
- Microsoft released 115 CVEs in March. Will your employees get these updates automatically?
- Are the new 100% remote assets being scanned for vulnerabilities?
- How are policies and hardening being enforced, and are new unapproved applications being installed on these assets?
- Are employees able to browse to malicious sites from home, or are controls in place to prevent them?
- What is the plan should assets become infected or get broken? Are there spares in place ready to be delivered or shipped?