Live webinar recorded on March 17th at the Worksighted offices in Holland, MI

Webinar Description: The recent increase of COVID-19 cases not only has leaders at a global level concerned but local businesses as well. With the first cases of COVID-19 being reported in Michigan recently, many of us are still unsure of what types of interruptions we can expect in the workplace now that it has become a concern in Michigan. We are sure you have questions about how to prepare and protect your business and we are here to help. Join Adam and Mike on Tuesday, March 17th, for a live webinar where you can ask questions and bring your concerns.

Let’s Jump In

Adam Devereaux:
Hello everyone and welcome to another Worksighted NXT Webinar, a special webinar. We wanted to create an opportunity to connect with our community and talk about what’s going on, this kind of dynamic situation and provide you an opportunity to really ask us some questions and learn about what other people are doing and what we’re seeing. So you may notice it’s a little bit of a different setup than what we usually have if you watch any of our other webinars. So the little awkwardness here, we’ll try and make it work, but we’re doing the social distancing. So I have a special guest with me here today.

Mike Harris:
My name is Mike Harris. I’m the CEO at Worksighted and I feel a little bit like we’re at a middle school dance right now.

Adam Devereaux:
Yeah, exactly. It’s pretty good now.

Mike Harris:
But I want to welcome all of you again. We pulled this together in fairly short order because we felt like what we’ve seen on our team is a dramatic increase in inbound requests. We’ve seen our inbound requests load balloon 60 to 70% over the last 48 hours with huge amounts of requests coming in around remote work, security, business continuity, voice and video collab and things like that. And as well, there’s not just the technical challenges that everybody’s facing, but there’s also the business challenges. So I wanted to open myself up to address any questions that business decision makers might have if they want to ask some of the things we’re doing. We are operating as almost a complete remote workforce right now except for essential staff and operations that need to be in one of our facilities. But we are operating at 100%.

Adam Devereaux:
Yeah, there’s obviously a lot of changes we’ve had to make, but really the opportunity here is for you to ask questions. So the intention is for this to be a conversation as much as possible. We do have some topics we want to go over in the meantime, some categories. And then as you ask questions, our coworker here, Rebecca, is in the background and she will be letting us know and feeding us your question. So go ahead and ask those now and along the way and we’ll make sure to address those either as we’re going along or at the end. So really kind of the first area we want to talk about is what is the problem that a lot of businesses are facing and a lot of organizations are facing. And that it’s really a general topic because in many ways it’s everything, right? And it really depends organization to organization.

Mike Harris:
Yeah, it really is Adam. All of us as companies are dealing with an extremely fluid situation where we’re having to make rapid, pretty dramatic business decisions that decision makers would often have significant amounts of time to decide what they wanted to do. We’re having to adapt in real time and enact, not just a new technologies that we’re having to put in place to enable our workforce, but corporate policies, HR decisions, security concerns. It’s really much bigger than just the tech side of things.

Adam Devereaux:
Yeah, absolutely. That’s what we want to focus on today. Three main categories would be remote work, enabling remote work for your users, best practices, challenges that people are having, security through this time and how bad actors are trying to take advantage of this, and then business continuity. So we’ll see if we get to address all of that. But we definitely want to talk about remote work. Really just within a matter of days we’ve seen massive changes from day to day, even internally as we were planning, Thursday to Friday, it’s over the weekend to Monday. Yes?

Adam Devereaux:
Yeah. And another factor here that we saw, we’ll probably talk about this a little more later, is that a lot of these conferencing service have been getting slammed from Zoom teams, et cetera. Largely they’ve been able to keep up, but there’s been someā€¦

Mike Harris:
Yeah, I think we shot teams in Europe go offline yesterday for a while-

Adam Devereaux:
For a couple of hours in.

Mike Harris:
…. so these systems and infrastructure are just getting absolutely stressed to the max.

Adam Devereaux:
Right. It’s specifically on teams. What I’ve heard from Microsoft is that it isn’t a capacity issue, but more specific ways that it’s structured that they hit bottlenecks in different resources and services that make it work. So they’re having to rapidly keep up with that and try to keep the experience good. So bear with us if we have any technical difficulties.

Mike Harris:
And some of the things we’ve had to do as an organization is, as I indicated in the beginning, we’re operating almost completely remotely, but we’ve had to put some new procedures in place to make sure that we’re effectively able to prioritize requests for customers. So we’ve leveraged things like Microsoft Teams with specialized communication channels. As far as our employees, we’ve created rapid response teams and we’re really trying to make sure that we’re removing red tape and we’re making sure that internally our approval processes are being adjusted so that when customer requests are coming in that are extremely time sensitive, we’re able to make sure that our employees are able to make the decisions necessary to move really, really quickly. And this is something that all companies are facing right now in many different ways.

Adam Devereaux:
Yeah, uncertainty is our enemy in many cases. I think speaking on the topic of what we’ve done, one thing I think was successful was trying to divide communication up so that we are having specific channels and teams. We have an org wide team and we created a specific channel for a serious code 19 communication, right? There’s other channels and opportunities for people to talk more casually and meme and joke around. But we wanted to make sure one channel was clean and a resource for people to go to and see that serious content.

Mike Harris:
Absolutely. Let’s talk a little bit about the types of requests that we’re seeing actually come in from a remote work perspective, what are we seeing clients ask for? Because many clients are equipped in some way, shape, or form already for remote work. The issue is the load that’s being placed on it. They weren’t necessarily ready to have, “Hey, I need my whole staff or a huge portion of my staff to start working remotely.” And all the other things that come along with that. So can you speak a little bit to some of the technology related requests that we’re seeing come in around remote work?

Adam Devereaux:
Yeah, absolutely. I think a lot of organizations are confused on their readiness for remote work. Even if they had some capacity or some adoption of cloud services, they were still in a hybrid state. They aren’t sure if they need to expand their VPN usage, or use remote desktop services, or just use cloud things directly. But I think we have to acknowledge too that for every business it’s unique and there’s a lot of organizations out there in the community that are really going to be hit much, much harder than others on this. So something to keep in mind and even as a business community how we can help each other, certainly the answer for manufacturing facility is going to be very different from a community organization, a nonprofit, or any other professional services organization that can essentially perform at 100% remotely.

Adam Devereaux:
So I think as far as the technology side of it, the uncertainty around how we expand that remote scope. So we start to look at things like what resources and applications do your users need to access. So it’s really the most important starting point is understanding what are the services that you’re offering to your users to work successfully. And that can end up including a lot of interesting things that companies hadn’t really thought about like some positions require printing a lot of paperwork and if you have people working from home, their home printer isn’t going to work for that. And if they have the papers printed at home, how do they get that content to someone else? So it might even be about changing some of your processes and workflows to accommodate the new reality of the geographic distance between people.

Mike Harris:
Well, I think that’s a great point. And many of us, we think about remote work, we’ve been implementing remote work for our employees often as more of a strategy around employee engagement and wanting to be flexible, et cetera, et cetera. And so we’ve kind of given control over which jobs enable remote work around, but the problem is that there are certain roles that are critical to all of our businesses, like finance and things like that where we tend to look at them and say, “Well, these portions of it, I’ll allow for remote work.” But now we’re all of a sudden faced with these complex business decisions where I need all of it to happen remotely. To your point, how do I print checks and get them out the door if I’m remote? How do I deposit checks if I’m remote? Right? All of these kind of more complex issues that we thought that we had the option to kind of choose who it is we wanted to work remotely, but now the universe is kind of making the decision for us and we’re having to figure it out on the fly.

Adam Devereaux:
Right. Yeah. And that can mean a variety of challenges from a technology standpoint. And it’s the old 80-20 rule, right? We enabled remote work, the easiest remote work. And even for us as an organization, there are certainly positions that I demand needed to be available for remote work or we were strategic about being able to enable certain people to work remotely. But getting that last 20% is oftentimes the biggest challenge and may require some pretty significant changes. So going back to the topic of specific technology, there’s some other pitfalls that we’ve seen. Internet connectivity speed is a big one. If your resources that your users need to access is back at your building, at your server environment, at wherever you’re hosting those different services, that’s something you have to take a close look at. If you don’t have to have people connect back to the building, try to avoid it, right?

Adam Devereaux:
If there’s a different way that they can access those resources, but still in a secure, safe way, that may be a better way to handle it. So internet connectivity and then we have firewalls. So with firewalls some of those were being used for VPN clients and they’d have capacity limitations, whether it’s like hardware limitations and the number of people that can be active as a VPN client at one time, or performance limitations, or licensing limitations. All of those things have to be considered. So we’ve seen organizations try to do rush firewall upgrade projects right now. And that’s part of our rapid response is trying to enable organizations to get these inks implemented, but we have limitations on availability in some cases on that gear. That’s a big challenge.

Mike Harris:
And we’re seeing, does everyone have a laptop? Right? It’s easy if you have a laptop, I can take that home. But what about desktops? We’re seeing clients, again, some of these roles that we didn’t design to be remote, all of a sudden we’re being forced to have them operate remotely. And so we’re getting requests from clients, “Can I just pick up my desktop and take it home and set it back up again?” And that poses some unique challenges because your desktop might not have WiFi. Do you have cabling in your house and infrastructure in place to be able to get these things up and running? And your desktops might not have necessary VPN clients and software in place because you don’t normally use those devices remotely? Can you speak to that topic a little bit?

Adam Devereaux:
Yeah, I think, that specific conundrum of, “Do we let users, do we let our people connect via home devices that they already have versus bringing their business devices with them to their home environment?” Both represent unique challenges. One on the security side that we’ll talk more about, but if you have people connecting in to work resources from their home computers, there are ways that it’s more secure than others and you don’t know what’s going on with that home computer. Was some 12-year-old downloading Minecraft mods that ended up having malware on them and it’s a compromised computer, and now you have them logging in with their work resource credentials, and then opening up the business to security concerns.

Adam Devereaux:
And then the other side of that is, well, even if you do say, “Okay, take your desktop with you.” How many people’s homes are set up where they have a place that they are going to set aside … and we’ll kind of talk about the culture side of that, that they’ll set aside to locate that, and kind of work from home in a productive way, and integrate that with their home technology, and do they get a good experience? Right? So now from a support standpoint, that’s also a big challenge that we’re seeing because now somebody has to help them get that set up, somebody has to potentially work with them through problems that may even mean them contacting their ISPs and trying to get speed limits increased. There’s a lot of work that goes into that. It’s never as easy as just grab your desktop, bring it home, and you’re good to go. Some users it will be, but a lot of other ones, it’s going to be a lot bigger challenge for sure.

Mike Harris:
Well, and I don’t know if we have any HR folks on right now. But certainly, managers, there is a whole, “Okay, if I get my staff working remotely, how am I managing, and communicating, and making sure that they’re engaged? How am I making sure that they’re getting what they need? How are we conducting things like one-on-ones?” Do we have platforms in place from an HR perspective to be able to coach and manage people? Because they need coaching, they need one-on-ones, they need communication now more than ever. And here we are in a unique situation where we’re really kind of pushing the envelope of most of our HR practices, and platforms, and systems, and softwares.

Mike Harris:
So do we have those in place? And if not, there’s a lot of cloud platforms and things that could be put in place to facilitate some of those to make sure that we’re having the conversations. Because again, we’re all adapting by the day and we don’t know what the rules are going to look like tomorrow. We don’t know when we’re going to have our teams back together again. So it’s really, really more important now than ever that we’re communicating and we’re seeing a lot of companies that are behind the curve on having those tools in place to be able to facilitate things like that.

Adam Devereaux:
Right. It’s a big challenge. You’re talking about official communication, but also how do you provide the water cooler communication? How do you provide a sense of community for your people? So we’re seeing things on the technology side of it where they’re doing things like having a team stand up every single day, maybe a start of the day, end of the day stand up. So people are checking in with each other, making sure that you have tools like Microsoft Teams or things like that where you can have kind of persistent and chat and ways that people can feel connected. But that’s that’s going to be a big challenge and I think for every organization they’re going to have to figure out a different way to handle that for sure.

Mike Harris:
Yeah. And I can there speak a little bit to what we’re doing as an organization. So at the leadership level, our executive team has a 15 minute huddle every single morning online right now just to make sure that we’re all in sync with the unique challenges, things that may have come up overnight, making sure that we’re on the same page. That’s immediately followed up by another 15 minute stand up with our entire leadership team, all the managers in the company, to make sure that we’re communicating in real time and we all understand what are the challenges that we’re facing because culture is so important and culture is going to help us as companies get through this really, really challenging time. How do we make sure that we preserve our culture and it doesn’t kind of fall apart on us during these times? We have to be communicating.

Adam Devereaux:
Yeah. It’s kind of a big experiment in many ways right now. I mean this is obviously not a situation where can make light of. It’s very serious. We’re talking about life and death for individuals, but also for organizations. So the whole goal here is to try to be available as best we can as a community partner and business partner to help you through these circumstances.

Mike Harris:
You’ve hinted a little bit at security earlier. So let’s … Becky has got her hand up, which means we’ve got some questions.

Rebecca Zaagman:
All right. We’ve got a question. What kind of security traps has Worksighted encountered related to COVID-19. What should I tell my users?

Mike Harris:
Perfect question because that’s right where I was going. I don’t know who you are, but you’re hired. Let’s talk about security now a little bit because our security team is seeing an uptick. We expected this and we are seeing it. They wanted us to make sure that during this webinar we called out any communication you’re seeing in email around COVID-19. You should assume that by default it’s malicious. And if you’re on our security platform, have our team check it and make sure that it’s okay. We are seeing those come through. We are seeing people click on them and it is creating breach situations.

Adam Devereaux:
Right. Yeah, absolutely. It’s happening right now. And even the governmental organizations like the WHO have issued warnings that people are impersonating them to send out information, communication, surveys, other things along those lines. So I think one of the big things is to message your users to be more wary, slow down, don’t click on anything unless they can verify first that it’s legit, which is more difficult in a remote work environment as well, because in many cases when people are not face to face, they may forgo some of those checks that they otherwise would use. So make sure that they’re following policy if they’re checking things. The biggest breach concerns that we see are credential release where somebody’s clicking on something and then putting in their credential information and they shouldn’t be or that they download some sort of malware or some sort of attachment to their computer that causes your environment to be compromised.

Mike Harris:
I want to add to that. When we’re in a scenario where our entire team is trying to function remotely, some of the protocols we’re putting in place at the executive level, the things we would do are, “Hey, don’t send that wire unless you talk to me, et cetera, et cetera.” They become much more difficult. So attackers, they know we’re all dealing with a certain situation. They know that they can send you an email about your flight that got canceled and there’s maybe a 30% chance that applies to you somehow or other and you’re going to tend to click on that thing. So I would definitely caution, especially people in finance and HR and things like, put some special precautions in place. We have done that.

Mike Harris:
We have special precautions in place between myself and our finance director and things like that to make sure that in scenarios where we are remote, I can’t put my head in his office and make sure he sees my face. We have special controls in place that only he and I know so he can verify my identity. We don’t put it in an email, we never put it in electronic communication. Nobody knows how we do that, but we have our systems and those are the things that you have to put in place. Basic procedures. If you’re in Microsoft Teams, you have video, use it. It doesn’t just have to be chat. Make sure that you’re taking every measure you can to verify the identity of the person you’re talking to.

Adam Devereaux:
Well, one quick thing I wanted to add on to that, that you talked about is verification. And this ties into security for things like IT support requests as well. We’re already seeing more organizations try to utilize some sort of validation process when somebody calls in for a password reset or any other service like, “Hey, I need help getting set up from home.” Okay, well how do we make sure and work with you to make sure that we know who we’re working with and how do you validate your people throughout these remote processes? It sounds like we have another question.

Rebecca Zaagman:
We have a couple of questions coming in about Microsoft Teams. How do I get started with Microsoft Teams if I haven’t used it before? Can Microsoft Teams do conference calls? And do we have any training materials on Teams so that we can get up to speed quickly?

Adam Devereaux:
Yeah. So the first thing I would say is that if you’re a Worksighted customer reach out to your account manager and we can start that conversation. Yes, you can use Teams for conference calls, you can use it for video conference calls. Basically, it’s the same as any other conference platform like GoToMeeting, Zoom, WebEx. They all have slightly different features, but the core feature set is there. There is an add-on to Microsoft Teams. It can be a little confusing sometimes, but I have that on my account. And what that means is when I send out a teams invite to other people, regardless of if they’re part of works edit or not, there’s a phone number and a conference dial and number. So users can both call in via the team’s app on their phone or on their computer or they can call using a phone.

Adam Devereaux:
Obviously just like with those other platforms, if you want video and screen sharing and those other features, then you have to join via the app, whether it’s on phone, or web app, or the PC, or Mac application. As far as training content, there’s a lot of great training content out there. The challenge is more finding the right training content so we can help you with that. Microsoft has a great teams adoption kit that has things like example emails to send out to your users, has links to training guides, training videos. So I think if we look at teams adoption there can be a very tailored kind of crisis communication strategy that you can put in place to get chat, get meetings, and to get your perhaps important communication channels in place.

Mike Harris:
And I can speak on the training piece. Worksighted has folks on staff that can lead your organizations through teams training. And so that’s actually something that you’re going to see communication coming out from us on that topic as well. But if you’re a Worksighted customer or you’re not currently a Worksighted customer reach out to us. If you’re Worksighted customer, as Adam said, go to your account manager. If you’re not, worksighted.com/remote-work. It has as a great landing page that you can go to, and ping us, and we can talk to you about getting started, but we can also talk to you about what we can do from a training perspective because you really need to make sure that the training is dialed in to the processes that your business has in place. Absolutely specific to your organization.
Adam Devereaux:
And something we can work on too is we can add some of those links to specific Microsoft resources, right? To that page as well.

Mike Harris:
Absolutely. There’s a lot of good free resources and we have some presentations, cam presentations and things that our team can share with you that are free and we’re happy to just give away.

Adam Devereaux:
Yup. Absolutely. All right, more questions?

Rebecca Zaagman:
Yup. Can you explain the difference between RDP versus VPN and how hard is it to set up?

Adam Devereaux:
Yeah, absolutely. So I’ll go kind of RDP one-on-one, VPN one-on-one here. When you think about your network as an organization, we’re oftentimes talking about a physical network inside of one building. So we’ll use that example because it’s simple. You’ve got servers. You’ve got network equipment, you have a firewall that’s at the edge of that physical network to the internet. When you’re inside the building, you’re either plugged in with a wire or you’re connected via wireless and that allows you to get to those work resources. So it might be file shares, it may be applications that are hosted within your server environment. There’s reasons why you and your users need to connect into your network inside the building. What VPN does is there’s a piece of software typically that runs on, let’s say, a laptop. When I’m from home, I run that software, I log in with my username and password, and it uses encryption to create a virtual connection to that network. So from my laptop’s perspective, it’s like I’m in the building, but instead of connecting inside of the building, I’m connecting through the internet connection.

Adam Devereaux:
So obviously that has a big impact potentially on bandwidth. Let’s say that I want to download a file from a file share that’s on my file server in the building and I’m at home, right? I may have a 50 Meg internet connection. Let’s say I have a hundred megabit fiber at the office, so I am going to download that file. And if it’s a small file, I may not even really notice the difference between it, if I double click and open that Excel document, for example. If it’s a 20 Meg, 50 Meg or larger file, it’s going to take time for that to download and I’ll feel that. And if I’m that one user and I’m using that 100 Meg connection, okay maybe that’s fine, but what if I have 50 people? And now we’re sharing that and when other users are downloading files and accessing resources, it impacts bandwidth pretty significantly. So VPN is that virtual network connection between my computer and the network.

Adam Devereaux:
RDP is a little bit different. So something that they figured out a long time ago is that in some ways it can be much more bandwidth efficient or easier for my users to connect to work resources, not by accessing them locally on their computer, but by using remote desktop protocols and other ones to actually connect to a computer that’s in the office. So a terminal server is just a special computer that multiple people can connect to as if it’s their computer and it’s almost like marrying that, right? Like strings for my keyboard or mouse are going to that computer. All those things are passing through programs running on the computer inside the building, and then it’s just sending me the picture of what’s happening on that computer. So in certain circumstances it can be a lot more bandwidth efficient or just better performance. There are certain applications that don’t like being run over VPN and they run much, much better if they’re on that remote desktop environment. So quick challenges on that are licensing and performance

Mike Harris:
I’ve always thought of that, if I’m using a VPN, the computing is happening on the device I’m sitting at and data is getting schlogged back and forth. If I’m using remote desktop, the computation is happening remotely wherever the data lives. I’m not schlogging data back and forth, and I’m just getting updates, and I see the screen and I know what’s happening over there. There are pluses and minuses to both and some things work in remote desktop and some things will not and you need to operate in VPN.

Adam Devereaux:
Is schlogging a technical term?

Mike Harris:
Yeah, schlogging is a technical term.

Adam Devereaux:
One of the things you have to consider too with a VPN versus RDP is if I’m enabling users on a home computer to connect via VPN, now I’ve basically put their home computer on my network, right? So you’re going to want to take a look at perhaps if somebody such as Worksighted is helping your users set that up, let’s run some virus scans, let’s kind of vet that computer device out. The other thing is full tunnel versus not. That’s something that’s pretty technical, but how it’s implemented matters as well.

Mike Harris:
Yeah. We’ve got another question. I want to add one comment on that before we take that question is please to Adam’s point be cautious from a security perspective. Everyone’s racing to be working remotely and enabling people that weren’t previously enabled. Don’t just willy nilly allow home devices that might not … they could already be breached or have malware on them and connect those into your network. The last thing you want in the middle of all of this is to get a ransomware attack or a security attack. Becky’s got another question.

Rebecca Zaagman:
All right, we’ve got two coming in. I’m going to throw both of them at you. One is what aren’t our customers asking that they should be asking? And the second one related to security is, are you noticing an increase in attacks targeted towards mobile devices such as phones, like SMS phishing? If so, what are some of your suggestions to protect against this? So two different questions. One, what are customers not asking? And two, what about SMS phishing and what to do about that?

Adam Devereaux:
So I’ll start with the SMS. I can’t say that we’ve seen a great volume increase. That’s not something that’s been specifically relayed from the security team. I have no doubt that there are voice and SMS phishing attacks that are probably more prevalent now. You may see people impersonating emergency alert systems. The good news from a mobile device standpoint is that it’s less of a vector for any sort of malicious code attacks like viruses and things like that because it’s much, much harder to get any sort of malware on an iPhone, for example. However, they still can be vulnerable to credential release. So anytime that your user, if they’re already set up on their phone, on their mobile device to connect into work resources, and they’re doing something and then it asks them to enter their username and password, they should stop, cancel out, and rethink exactly what they’re doing and make sure that what steps they’re taking are leading to a legitimate credential request. If you’re opening an attachment in an email and it’s asking for your Office 365 username and password, 99% of the time it’s not going to be legitimate.

Adam Devereaux:
So then the other question was in regards to what are people not asking about … I think one topic that we didn’t touch on, but that’s really important and it’s coming as an afterthought is voice, phone, phone systems, right? Some organizations absolutely depend on phones, some organizations barely use them, but it’s something you have to think about. How are you going to handle phone calls? How are people from the external world going to contact you? How are your users going to get those calls? Is it going to provide a good experience? Do you have fail over capabilities? And then I think one more topic that I think, we talked about this a little bit earlier today and then over the last couple of days, for us as well is what is your vulnerability to when people start to get sick? Do you have redundancy in your people positions?

Mike Harris:
Yeah. That’s a great one. I made a couple of notes. I think that was an excellent question whoever asked that as far as what are people not asking. Yes, we’re preparing for what’s happening now, but if folks get … you start to get sick and it will happen, what’s our succession planning? There are roles where you might be really, really vulnerable and you haven’t thought about it. Start thinking about it now because we’re seeing a lot of things happen that we never thought would happen and they’re happening really, really rapidly. What if movements are restricted? These things are real and can happen. Another thing that I made a note that customers aren’t asking about is canned policies on things. We’re not getting a lot of questions around canned policies.

Mike Harris:
Think about all the time you put into having policies in your office for things and all of a sudden we’ve thrown it away, and everyone’s remote, and it’s kind of laissez-faire. There are policies and things that can be put in place. Some of them are canned, they can at least get you started because you could be operating like this for a while. This might not just be tomorrow that it ends.

Adam Devereaux:
Yeah. Absolutely. All right. Another question?

Rebecca Zaagman:
Yes. What resources do you recommend that staff utilize to ensure that their home network is secure?

Adam Devereaux:
Boy, that’s a good question. I think one of the challenges is what devices are on it. The answer is really different if we’re talking about using their home computer versus bringing a work computer in. We don’t see a lot of cases where somebody, let’s say brings a work desktop into their home network, plugs it in, and then there’s a huge security risk, right? It’s theoretically possible, but it’s not a very likely scenario.

Adam Devereaux:
If they bring their work desktop and plug into the network, it’s not going to instantly get hacked. But you start using it for both-

Mike Harris:
No, but it sort of brings up a good point around Windows 7 and Windows 10. So for those folks that did not address Windows 7 to Windows 10, and those systems aren’t getting patched anymore and things like that, word of caution, if people are unplugging things and bringing it home, you do need to be careful in some of those scenarios.

Adam Devereaux:
Yeah, that’s a great point. Because if we look at the malware, the types of, let’s say, worms that were able to tunnel or connect from one computer on a network to another, oftentimes it was by exploiting outdated operating systems, right? We saw a Windows XP, the SMBv1 bugs where you get one computer infected in the network and quickly all of them that are vulnerable that can be infected. So keeping your work devices up-to-date, keeping patching up-to-date that can be a challenge. Another thing is that if you’re not connecting via VPN, this is a little aside and you do have Windows domain joined devices, you send them home for a while and they can become disconnected from the domain, right? They become kind of tombstoned, they will lose their trust relationship with the domain controllers. So it’s kind of a specific technical concern. But if they’re not able to communicate over the network … and then you can run into things like I’ve terminated an employee and I’ve changed their password, but they can still log into their computer because it doesn’t know the password has changed.

Mike Harris:
Well, and that brings up another great point, which comes along. And I know we have more questions. We’re going to take them. I’m going to keep going as long as

Adam Devereaux:
We’re here as long as we need to be.

Mike Harris:
… is all of a sudden you’re taking corporate assets and sending them home, what happens from an HR perspective when your devices and assets are now out of your control and you’re still going to have the same employment things happening over time that have always happened and you may have employee termination situations to handle and things like that. And now you no longer have physical control of these devices. Do you have the policies and procedures written and in place to make sure that you’re going to take care of those things from an HR perspective? These are other things.

Adam Devereaux:
Right. Well, are you tracking it? Are you tracking what you’re giving them?

Mike Harris:
Exactly. Do you know where your things are? Don’t just let them go. Again, take time, take a breath, don’t operate. It’s one thing to have crisis, it’s another to operate in chaos. And you don’t need to do that right now.

Adam Devereaux:
Right. Absolutely.

Mike Harris:
We have more questions.

Rebecca Zaagman:
What could some of the longterm impacts be as far as technology? Do you expect more moves to cloud?

Adam Devereaux:
Yes. I think that’s an easy answer. That’s happening anyway. I think you may see some organizations that are doing a interim step to get people working remotely and then as soon as that’s in place, we need to start thinking about what’s the longterm here. I don’t think that genie is going to get put back into the bottle. I think for a lot of organizations this represents a pretty significant shift in expectations from employees. I think we’ve shown now that a lot of these or may show that a lot of these positions are able to be done remotely. And so that could end up having a pretty big impact on culture and expectations. So then it’s more, how do we train people effectively? How do we spread culture effectively? So on the technology side, it’s like, “Do we have a learning management system? Are we having video training? Are we putting things in place like weekly management communication, maybe videos that are going out?” If you become a more virtual organization, you’re going to have to adopt more technologies that enable you to be successful in that space.

Mike Harris:
And I’ll add to that by saying this, for those of you that have compliance requirements, your compliance requirements didn’t go away. And I think that’s, again, from a policy perspective, a lot of folks are probably, “Well, it’s a unique time so we can kind of do what we want.” And that’s not really true. If you have certain compliance requirements, maybe you have to be, maybe you have PCI requirements or whatever and you were able to kind of enforce that inside your four walls and now all of a sudden everybody’s going remote, how are we making sure that we’re still compliant? And if you can be ahead of that in thinking about it, it could create huge opportunity for you in relation to your competitors if they’re ignoring some of those things.

Adam Devereaux:
Yeah. And from a technology standpoint, there may be steps that organizations are taking to move data to the cloud and then thinking of about security later. So things like multifactor authentication become all the more important because if I’m moving a bunch of my data into, let’s say, SharePoint, let’s say I’m moving away from an on prem file server and I’m moving to Teams and OneDrive based file storage, I need to think about two main things. One, my business identity for all my users, how do I protect that? And multi-factor is still the most effective way to prevent an unauthorized user to exploit your user’s credentials. And two would be that you put that, how do I put that? You potentially have backup concerns, DR concerns, right?

Adam Devereaux:
So you may have server backups and things in place right now that give you the requirements you have in terms of retention and frequency of backup. And there are certainly options within a lot of these cloud platforms, but they’re much more limited typically than what organizations are used to. So you may need to quickly evaluate adding a third party backup service to enable you to continue to have that consistency of those needs.

Mike Harris:
Yeah, and backup your cloud. A lot of folks want to skip backing up their cloud. They don’t want to back up their 365 and things like that for one reason or another. I would encourage you that you should be doing that and not skipping on that step because there’s limitations to what Microsoft … The backups there are more from the disaster recovery and continuity perspective. It’s not, “Hey I deleted stuff and I got to get it back from 90 days ago.” Uh-uh, it ain’t going to happen unless you got the right things in place. So just think about those things.

Adam Devereaux:
Right. And on that point I just wanted to touch on, because we do want to talk about business continuity, going back to what are some risks of having people connecting via their home environment. I do think as a general rule, especially when we see VPN connectivity spreading, your organizations may be at increased risk of getting malware, ransomware specifically, where your business data, your file server it’s encrypted and you need to make sure that not only do you have the capacity to recover quickly and with as fresh of data as possible, which means really frequent backups, but also it needs to be protected as well.

Adam Devereaux:
So there’s a term of like air-gapped or platform gap. If you’re a Windows environment, your Windows server environment becomes compromised, how do you make sure that your backups also don’t get compromised? This has been a continuing trend we’ve seen where these ransomware packages get more sophisticated. People will kind of wait a little while and scope everything out and figure out if they can delete the backups because they know if they can delete your backups, if they can encrypt your backups and corrupt those, then they’re much more likely to get a pay off from you.

Mike Harris:
Right.

Adam Devereaux:
So more questions.

Rebecca Zaagman:
Is multifactor authentication integrated into Teams SharePoint?

Adam Devereaux:
Yeah. So there’s a lot of different platforms out there that you can use for multi-factor depending on your situation. The short answer is yes, you want to make sure that before users are accessing those resources, you have an authentication layer in front of that that includes multi-factor. So a service that we use frequently is Duo. Microsoft has multifactor authentication in the platform as well. Depending on your situation, it may work well for you.

Mike Harris:
More questions, [Becca 00:42:10], right now?

Adam Devereaux:
So on the topic of business continuity, I think that obviously that’s a big topic. When we start talking about supply chain, we start talking about what are ways that we can have, we already mentioned the employee redundancy. What are some other things that you think businesses should be thinking about?

Mike Harris:
Boy, I kind of hinted at it earlier. If we do get restricted as far as our ability to move about and things like that, it’s going to create some unique hardships especially if people … your employees will start to get sick like you haven’t started to face that yet. But I would encourage you … we’re talking about it as a business. What are we going to do? How are we handling succession in key roles? And things like that. Nothing is business as usual right now. We kind of hear that phrase like a company’s saying like, “Well it’s business as usual.” If it’s business as usual and you’re not thinking about these things, then you need to start thinking about them because nothing right now is really business as usual.

Adam Devereaux:
Yeah. We saw that even over the last week where we had organizations, last week, Tuesday, Wednesday saying, “Hey, maybe we need to start thinking about some people being remote work and then by the end of the week, by Monday it was like, ‘We need to be able to go 100% remote.'” It was changing so quickly.

Mike Harris:
It’s funny, I was commenting with our executive team the other day that we do quarterly planning and every year we do an annual planning and one of the exercises we go through is a full SWOT. And one of the things we always talk about from a threats perspective are those external threats that we can’t control. We often talk about what happens if we have a downturn in the economy, et cetera, et cetera. And here we are, right? One of these unlikely events that you talk about it in a planning session, then you kind of laugh about it. You think about it a little bit, but here we are. So again, one thing I’ll plug is I do think this underscores the need for all companies need to have their planning. These need to be things that this isn’t the first time you’ve talked about it. So that’s, I think one lesson learned going forward for leaders, is make sure that you’re executing on a regular planning cycle so that you’re talking about these things.

Adam Devereaux:
Right. And I think it may be a little early to talk about recovery, but I think it’s something that we need to have on our mind. Are we going to return back to business as usual at some point and how do we make sure that we have continuity with our business partners and others as well? How do we get back to that state where everybody’s healthy? Obviously there’s a lot of uncertainty around that, but thinking about your business partners, thinking about ways that some may be more vulnerable than others and how can we support each other I think it’s going to be important.

Mike Harris:
Yeah. Again, there will never be business as usual. We talk about going back to the way it used to be. I think this is a little 9/11-ish in terms of the fact that the when things do get … they will get back into some ‘normal operations’, but is going to change everybody’s mindset forever. And so I would encourage business decision makers to be thinking about that going forward because your customers are going to ask these questions, right? They’re going to want to know. And this is a way that ultimately if you’re thinking about it, you become stronger in the long run because it becomes somewhat of an opportunity in terms of the fact that it causes us to think about these things that if our competitors aren’t talking about them, it gives you an advantage.

Adam Devereaux:
For sure.

Mike Harris:
Becca, we’ve got some questions.

Rebecca Zaagman:
Just a quick one. Can you explain what SWOT is?

Mike Harris:
Yeah. Sure. SWOT is a planning exercise. It’s called strengths, weaknesses, opportunities, and threats. And Google it, you’ll find all kinds of information around it. It’s not the SWAT team, but it’s a planning process. So essentially you lay out four quadrants and when you talk about strengths, you brainstorm as a team the things that are strengths within your organization. When you talk about weaknesses, you talk about internal things to your organization that are weaknesses that you need to improve on. Opportunities are things that are somewhat external, right? They are things that you may be could be capitalizing, new things to be thinking about, et cetera. And threats are also external things, right? External factors, new people entering marketplaces, things that could happen. That should include things like economic situations, pandemics, things like that, that are … they’re threats. And if they happen, is your organization going to be prepared and are you thinking about them?

Mike Harris:
So it’s something anyone can do. You can find a ton of resources on it and feel free to ping me. I’m always happy to share the things that we’re doing. We’re very open about kind of behind the curtain at Worksighted, what do we do from a planning and leadership perspective? How are we making decisions? I’m happy to talk about it.

Rebecca Zaagman:
Related to that again, how has Worksighted past SWOTS analysis helped in a situation?

Mike Harris:
Sure. I’ll feel that one, huh?

Adam Devereaux:
Yeah. Absolutely.

Mike Harris:
Well, I can tell you right now that it has helped us tremendously over the last few years because every year when we do it again, we pull out the one we did the previous year and we look back at it, and we refine it, and we get better. External threats like major economic downturns, situations like this are things that have come up and we’ve talked about. And one of the video pieces I put out that we’ve been pushing out content to our customers, make sure you know what we’re doing, I was chatting about the fact that we were ready to go as far as remote work was concerned. We were prepared to make the decision. We had policy changes ready to go. And when the governor made the announcement Thursday night that the schools were going to close Friday, we were ready to push out policy updates to our team and say, “Here’s where we’re at with remote work. Everybody’s capable of doing it. You’re prepared to do it. Here’s what our policy is going to look like now.” We modified our policies to allow for childcare and things like that.

Mike Harris:
So come Monday morning, our staff wasn’t panicked. We didn’t have to panic, “What am I going to do?” They knew by close of business on Friday, they had a safety net, they had a plan, and we’re up and running at 100%. And actually, absorbing large increases right now as far as demands from customers.

Adam Devereaux:
Which took really some dynamic reallocation of some of our workforce, right? Recognizing where that increased load was coming in and being able to shift people who are now being freed up on a specific like field work, for example. I’ll add to that from a standpoint of when I started at Worksighted policies, work policies, right? We were a much smaller, younger company.

Mike Harris:
I’m an entrepreneur. I don’t like policies, right?

Adam Devereaux:
Yeah, so that served as well for a time, but I think through the maturing process as an organization, which is what exercises were definitely part of, we recognized as we grew the need to have a people department, have policies, have a fairness around those things. So the organization has definitely grown up over the last few years to be in a much better spot to handle this for sure.

Mike Harris:
Definitely. Definitely.

Adam Devereaux:
One other area, I think personally I like to think about it from a community standpoint as well, we have the business community, but we also in this modern day and age, oftentimes the work community is a thing that people may not have otherwise, right? You have workers who are displaced in terms of their family isn’t from around here. They may not have other local community groups that they’re part of. So you kind of almost think about it from an expansion of scope of what you may want to do to help make sure your employees are safe, right? Food security, just making sure that people are supported. If you have an EAP, making sure that people know how to use that and understand that if it’s overloaded or not, like a lot of those resources are potentially getting hammered. How can you provide kind of support within the organization for your people?

Mike Harris:
Yeah. That’s one area our people department has been talking over the last few days, “How do we make sure that we’re keeping our people together?” A situation like this is, it really underscores why you need a people department more so than when things are operating wonderfully. You know, to your point about EAP, these are the assistance programs that we’ve put in place over the years for our employees using external providers and things and making sure that this is a stressful time for people, they’re worried, and what do we need to be doing to make sure that we’re helping our employees as much as we can. We’re making good smart business decisions. As a business leader, if you are not talking to your people, if you are not talking to your customers, I think that you’re making a mistake right now because it’s important that you’re letting them know what you’re doing.

Mike Harris:
You don’t have to have all the answers, but you have to be communicating so that people know internally and externally, I think, what you’re doing. But for the internal people, for your employees, it is a huge confidence builder for them to be communicated to and know that you’re talking about the tough questions and you’re doing the planning that’s necessary. But back to the people department piece, that culture piece, making sure you’re doing some things to keep your employees working as a team. Culture is super important. Don’t just chuck it out the window right now. This is where you want to be able to fall back on your culture. Our number one core value at Worksighted is I am most comfortable dressed as a superhero. And people kind of laugh at that, but this is the moment. These are the moments when our staff, as everyone lives out that value, when the going gets tough, they really rise to the occasion. It’s been incredible to see what our staff has been doing during this really, really challenging time.

Adam Devereaux:
Right. Yeah. So if we don’t have any more questions, I think we’re running out of time here. So thanks again everyone for joining. We will continue to try to be responsive to whatever your needs are. Understand that we’re having to reprioritize some of these requests that are coming in based on a need to enable people to work. So there’s certainly an increase, as you mentioned, in demand. We’re trying to make sure that we’re being as agile as possible to respond to those. So we appreciate your patience and you being a part of the larger Worksighted community.

Mike Harris:
Definitely. And again, I want to extend the same offer I did before. If there are other questions you have, if you want to know what we’re doing about something, what platform are we using, it doesn’t need to be about tech or something that you get from us as a partner, I’m perfectly happy to sit down with anybody who needs it in the business community and have a discussion around just the brainstorming and the complexities that go into leading through a really complicated time. So feel free to reach out. I’m absolutely happy to chat with anyone that needs it.

Adam Devereaux:
And we certainly had a lot of questions about Microsoft Teams. You’re going to see more content from us focused on how you can use that with a more narrow topic of how it can apply to this type of a situation. Yeah. So thanks again for joining us.

Mike Harris:
Thanks everyone. I really appreciate it.

Adam Devereaux:
See you next time.