When a virtual session of South Africa’s parliamentary proceedings was hijacked and flooded with pornographic images in early May, it made headlines around the world.
This was not the first time a parliamentary meeting has suffered from malicious disruptions.
There have been many other hacking instances of hastily-adopted video-conferencing systems that enable remote working and teaching – to the point where some universities and schools have banned the use of at least one of the most popular of these platforms, Zoom, because of security fears.
The problem, says Denis Bensch, CIO of FlowCentric Technologies, is not necessarily the technology, but lack of preparedness and planning in using that technology.
“The time between the first rumblings about COVID-19 and lockdowns was incredibly short – less than three months. Suddenly, distant digitisation objectives had to be implemented immediately. It’s not surprising that things have gone wrong,” he adds.
The world of work as we knew it in 2019 and early 2020 has gone forever. In a Gartner survey of 317 American CFOs and finance leaders conducted on 30 March 2020, nearly three-quarters stated they intended to move at least some of their employees to remote work permanently post the current pandemic.
“This data is an example of the lasting impact the current coronavirus crisis will have on the way companies do business,” said Alexander Bant, practice vice-president, research for the Gartner Finance Practice.
A second Gartner survey conducted just a few days later revealed that nearly 50% of all responding organisations reported that over 81% of their workforce was operating remotely during the coronavirus pandemic. In addition, the study showed that 41% of workers were planning to continue working remotely more often in the future.
“Global crises and events have always changed the world. For example, the cold war with its threat of nuclear warfare was one of the underlying motivations for DARPA to develop the Internet – a network that wasn’t situated in one place and could survive a nuclear attack,” Bensch says.
“COVID-19 is teaching us that we must be able to conduct business in a virtual manner, as face-to-face and office-bound methods aren’t sustainable. Many organisations have come to realise, remarkably quickly, that working from home is actually a viable option. Work from home plans are now a reality for most organisations, even those whose digitisation plans pre-COVID-19 might have balked at anything more than online purchasing and payments.”
According to Bensch, while COVID-19 is driving us to work from home, business must be resilient enough, at all levels, to function in today’s and tomorrow’s pandemic-altered world by considering the following:
- Customers: Can they continue to do business with us if they can’t walk into our store front?
- Operations: Can they continue to deliver if they aren’t allowed to travel or go to work?
- Finance: Can they continue to pay suppliers and collect money owed without going into the office?
- Suppliers: Can our suppliers keep us supplied in a time of crisis?
He also warns that, as the few reported hacking incidents have illustrated, there are many operational and security challenges that must be dealt with.
“Allowing remote workers onto your network is not as simple as installing a VPN (virtual private network) system. Giving anyone access to your corporate network through a VPN can introduce a range of security issues such as viruses, Trojan horses and ransomware from machines that are not correctly locked down,” he explains.
There’s also the issue of who is actually at the keyboard. In the office, it’s easy to spot a stranger tapping away at Sam’s machine, but if Sam (and Sam’s notebook) is at home, how can you be certain it is Sam and not Sam’s delinquent teenager, curious nine-year-old – or even the cat – at the keyboard?
“The fact is that negligent or unknowing damage can be just as detrimental as intentional damage,” Bensch says. “Think about complex banking systems. There are physical security mechanisms in place to ensure only authorised people have access to systems; these safeguards obviously can’t be in place when working from home.”
Businesses therefore have to determine whether a worker requires exactly the same level of access to systems while working remotely, as they do locally.
A major challenge many businesses are facing now is that the speed at which the world changed, didn’t allow them time to think, let alone plan. Almost overnight they had to change their entire modus operandi to remote working.
As a result, many companies rushed to sign up for platforms and services in the days before lockdown in order to keep their businesses going.
Now that it is clear the lockdown is going to continue for months, and social distancing is likely to be with us for a lot longer, companies need to evaluate these hastily implemented services and platforms; and take steps to improve their effectiveness.
Bensch offers the following advice for the evaluation and remediation process:
Don’t panic. Work with your IT department which, after all, is meant to be the enabler for the company vision. Don’t sign up for “grey” or shadow systems without consulting them.
If you didn’t have systems in place when the lockdown started, take a structured approach to working on this. Remember, your IT department is also under serious pressure at the moment.
- Look at your processes carefully. Determine whether relatively low-risk activities such as leave, shared document repositories and so on can be provisioned while in lockdown.
- Think about collaboration-type activities such as meetings, project coordination and research, and which of the many tools available in these areas are best for your needs.
- Consider making changes to high-risk and money-related activities (such as paying suppliers or getting paid by customers) and critical core activities of your business at a later stage, when things have settled or when it is more feasible to do so. These processes need to be carefully defined and the implementations tested and signed off. However, this cannot be postponed forever.
- Think of your suppliers. It doesn’t help if your business can continue as normal, but your suppliers can’t. Talk to your suppliers and figure out how you can both continue functioning in a lockdown state, in an era of social distancing and and during other future crises.
- If you still have beer, go get one and sit and think about how you are going to implement a business process management system that will enable you to work from anywhere.
“Whether your inability to access systems is owing to COVID-19, load-shedding or a chemical spill, it will always be in your best interest to allow your business to continue operating as normal no matter where employees, suppliers and customers are based.
When the correct processes and control measures are put in place, remote operations can actually work efficiently and securely,” Bensch concludes.