The COVID-19 pandemic has changed the way people work and where they work. Technology is more essential than ever as companies quickly shift to an almost fully remote workforce and implement new solutions to cope with the challenges we are facing today. Our COVID-19 Solutions Group technology experts have answered some frequently asked questions about technology solutions as businesses build new road maps to survive during this outbreak.

Remote Workforce Transition

Is your technology allowing you to function as a truly remote workforce?

Your technology should provide your team the ability to fully function from outside the office as if they were inside the office, while retaining the same level of security.  Workflows, policies, and procedures may need to be adapted to ensure there is a solution in place for every job function that must be completed.

Are you able to communicate effectively with your internal team, vendors, and clients using your current solutions?

Cloud based phone and video conferencing solutions are not all created equal, and it’s critical that the solution you invest in is robust enough to support the needs of your team safely, as well as fit your budget

Are your competitors able to perform aspects of your job that you cannot?

Businesses that cannot perform job functions remotely will no longer be competitive with businesses that have invested and implemented technology solutions to allow their team to remain productive outside of the office.

Has the speed of preserving functionality taken precedence over security when shifting your team to working remotely?

Unprepared businesses have taken a knee-jerk reaction to COVID-19 by throwing together solutions to ensure that their teams have access to work from home.  By implementing solutions at such a speed, due diligence has not been performed, testing has been forgotten, and security has been an afterthought. If you have recently implemented solutions without proper controls or laxed your security protocols by allowing personal equipment, forgoing multi-factor authentication, or accepting unsecure remote connections, engage your technology partner to provide direction to mitigate these risks.

Technology Support

Have expectations of daily IT support been coordinated and communicated effectively to your team?

Whether your IT support is internal or through an outside vendor, everyone’s support processes have been challenged during COVID-19.  It’s imperative that you coordinate and communicate with your team when support is available, if onsite support is an option, what are the limitations of support (i.e. would you support a home user’s internet connection?), etc.  If you don’t address this pro-actively, users will be left to define their own support parameters, usually at the detriment of the IT support team.

Have you retained your ability to monitor and keep your systems up to date?

Cybercriminals know that users are in an emotional situation and outside of their comfort zone, which is an incentive to step up their game to try and gain access to your internal and client data.  It is imperative that your IT team (internal or external) continues to monitor all company owned equipment, accesses, and have solid patch management systems in place to keep your software up to date.

If you outsource your IT support, what resources and solutions have they offered to allow you to remain functional and secure throughout COVID-19?

Many technology vendors have come forward in this time of need to offer free or long-term trials of popular products, designed to accommodate the new “norm” of working from home. Your technology partner should be able to make the right recommendations based on your business’s needs.

If you handle your technology internally, do you have a partner to rely on to look out for these offerings on your behalf?

Internal IT teams are generally staffed to focus on the “now”.  By partnering with the proper technology partner, you have someone you can trust who is looking ahead on your behalf.

Security Awareness

Your employees can be your strongest line of defense as well as your weakest link.  What has your business done to increase the tech savvy of your team since the arrival of COVID-19?

As your work environment changes, so does the threat landscape. Making some additions to your normal security awareness training specific to best practices of working from home (i.e. limitation of printing, keeping your home-work environment private, securing your home network, etc.) are great first steps.

Are you continuing to provide your pre-COVID-19 security awareness training?

It’s easy for your security awareness training to fall to the wayside during these times, but right now it’s more important than ever to invest in the tech savvy of your team.  There have been thousands of new malicious websites and spam emails built around COVID-19 since January 2020 and the numbers are continuing to grow.  Your team needs to have the discernment to identify the fake communications pretending to be your HR or IT departments as well as phishing scams claiming to be legitimate news sources.

Business Continuance

Has your business continuity plan (BCP) been effective during the COVID-19 crisis?

While most organizations have some level of business continuity planning, many have not developed a plan to address a pandemic outbreak. Those organizations with pandemic planning should be sure to document their successes and failures during this event to strengthen their pandemic strategy moving forward.  If your organization did not have a pandemic plan, you are now dealing with these issues real time. In this case it is even more important to keep detailed documentation on actions taken and whether those actions were successful. This would include, but not be limited to, changes in HR policies, remote workforce strategy, security and process control changes, communication planning, and productivity measures.

Have your policies and procedures revolving around security and technology been overlooked for the sake business continuance?

Ready… shoot… aim!  That’s how many of us would sum up the last few weeks. As companies have reacted to the COVID outbreak, many have adopted new technologies and policies surrounding team/client communication and remote access. Even in these trying times, it’s important that due diligence is not overlooked and that all newly implemented solutions are tested to maintain security.  Remember, the cybercriminals aren’t shutting down due to COVID and will use this opportunity to exploit companies who gave up too much security for functionality.

Has your organization assessed and prioritize essential business functions and processes that may be affected by a pandemic?

The identification of essential business functions is critical to the success of any pandemic planning process. Due to reduced staffing, businesses need to ensure that all available resources are focused on only essential services and processes. Planning should be supported by a detailed business impact analysis (BIA) to clearly identify requirements.

Have HR policies been expanded to address staffing disruption, payroll, healthcare and absenteeism?

Pandemic events affect personnel more than any other type of disaster scenario. Businesses need to ensure that HR policies are up to date with current federal and state employment laws and internal employment conditions. Policy updates to address emergency situations like a pandemic event should outline basic processes and procedures but also communicate that real time updates will be necessary and implemented based on federal and state mandates and environmental change. The process for communication of these changes should be clearly defined in the policy.

Has your organization identified the legal and regulatory requirements for the institution’s business functions and processes?

Many businesses are required to meet certain legal and regulatory requirements. This is especially true for organizations that are subject to federal and state oversight such as Finance, Healthcare and Insurance. Organizations should ensure that these requirements and identified, documented and reported on as outlined. Completing a comprehensive business impact analysis as part of the organization’s business continuance and disaster recovery plan will aid in the identification and detailed actions required to meet these requirements.

Has your organization evaluated the plans of critical service providers for operating during a pandemic?

Businesses that have critical dependencies on third party service providers should have a reoccurring process in place to ensure that goods and services agreed to will be available during a disaster scenario. Assessment of a third-party service provider should typically occur within organizations vendor management program. This program would assess each high risk or critical vendor at least annually to determine the status of the vendor’s financial condition, operational practices, security controls and business continuance planning.

We’re here to help.
To ensure you have the technological resources and business processes in place to deal with the quickly changing work environment, reach out to us at covidtech@mcmcpa.com and a member of our COVID-19 Solutions Group will be in touch.