How to accelerate a secure shift to 100% remote work
Welcome to our "Remote for Real" series, a collection of posts from Box executives across our organization on what it's like when remote work becomes a reality for your organization, whether you're ready or not.
One day you're going to the office. The next day you're not. Suddenly, you and your business are forced to adapt to an entirely different way of working. This particular time in history presents an opportunity for CIOs to test and refine their business continuity plans. It's a wake-up call, in a sense.
For companies that have been focused on their daily operational needs at the expense of investing in digital business architecture and long-term resiliency plans, it hasn't been an easy last few weeks. Perhaps you already had some infrastructure in place to support partial remote work, but suddenly, 100% of your team is remote all the time. To scale quickly, you may have to ramp up licensing, quickly figure out how to increase your network capacity, and perhaps introduce measures such as VPNs and increased security monitoring. You're also bringing new tools and processes into your engrained company culture.
Regardless of the details, one thing is for sure: the COVID-19 pandemic is pressure-testing all your efforts to date. From where I stand as Global CIO, here's what we at Box have learned about the sudden transition to all-remote work and the steps it entails.
1. Decide upon the main toolsets you need to have in place right now
When it comes to technology for enabling remote work, there are an overwhelming number of options. The very first order of business is to choose the tools for communication exchange that you need and roll them out with as much attention to detail and security as you can, quickly. This might be some combination of:
- Cloud content management and collaboration (such as Box)
- Videoconferencing (such as Zoom, Webex)
- Team communication channels (such as Slack, Teams)
When choosing communication exchange services, The volume of online collaboration, sharing, conversations, and direct exchanges has exponentially accelerated in the few weeks at almost every company. Personally, I'm living in video, chat, and Box more than I ever was before. If you're having the same type of experience, it might be to your advantage to offer training options, whether in-house or through a technology platform's existing courses and materials. As much as you can, you want to ensure users are set up to use tools properly and to their optimal advantage.
2. Put smart, thoughtful security measures in place
As you increase remote collaboration and sharing, you open up an opportunity for both bad actors and negligent users to create security risks and expose weakness in your posture. In the case of your own users, they're learning how to work in a new way with new and different stressors on their working conditions, and that brings a higher probability that there are going to be that create risk for the organization. There are certain security measures to implement right away.
Say you accelerate your rollout of Slack in order to provide a quick way for remote teams to communicate. Perhaps at the same time you roll out Box to manage and collaborate on content. Since team members will be using Slack to share content stored in Box, it's essential to ensure that admins adjust the security settings so they're aligned with the organization's security posture, and consistent across all applications. Otherwise, you could create holes and opportunities for sensitive content to leak.
For many companies, email communication is increasing. But as they start sharing documents via email, risk increases and data sprawls. One experiment conducted by Crescent Electric showed that when an email was sent to 1,900 employees with a file embedded as a link, the file was downloaded 114 times. But had that file been sent as an attachment, redundancy would have resulted in the creation of 75 times more files. At Box, we don't allow physical email attachments to leave our organization and leverage services like mxHero to reduce risk and maintain chain of custody over our content . We do this by automatically replacing attachments as links back to Box to maintain control and governance as well as reducing security risk inherent with emailing files.
Make sure you have secure authentication for all your people. The number of cloud applications they now need to do their job is amplified, and they can't be expected to remember separate passwords for each and every new app. Research shows that when employees have to use separate passwords for each app, they often don't. At Box, we use Okta for single sign-on (SSO) and, for mobile devices, Duo for 2FA.
These are just some of the things you need to think about when weighing a quick pivot to remote while keeping your content secure.
3. Reduce risk exposure for the roles that cannot go remote
There's a subset of our workforce that's essential and still has to "go into the office." Consider research scientists who work in labs, or IT specialists in charge of physical infrastructure. This is not work that can be done remotely, but must be conducted in a controlled environment or with specialized equipment. People who work in manufacturing and ship physical products cannot phone it in, either.
At Box, we still have folks on site, classified as essential employees, who need to be there to ship new laptops to remote employees — including new employees who are now being onboarded remotely. How to mitigate the risk for these roles? One way might be to draw the line on the size or volume of customer you'll serve in person, so fewer onsite employees are necessary at once. Be thoughtful in how to protect the health and safety of those in these in-office roles.
Work is a state of mind, not a location
Even for a digitally native company like Box that enables remote work for our customers, most of us have been used to working in a physical office space where in-person collaboration is encouraged. Still, our guiding principles at Box have always been around creating a work-from-anywhere environment, helping our employees and customers be their most productive selves at any time, on any device. The COVID-19 epidemic is an unprecedented situation that has allowed us to test our own muscle of "Are we ready for business continuity in a changing environment?"=
I believe we're all going to come out of this stronger and better, and our business continuity plans are going to benefit from lessons learned. This is an opportunity to hone and refine our learnings. Where did we have gaps and blind spots? Where did we choose to invest or not invest that we could change next time?
One thing that COVID-19 has taught us: we can't rely on short-term band-aids. This has been the largest work-from-home experiment of our lifetime — but now we know, we're going to be more prepared for the next time. And there will be a next time.
Check out our 3-step guide to ramping up remote work, and watch our remote work webinar with IT leaders from Zoom, Okta, Slack, and Box.