ConnectWise Control
Live webinar recorded on March 17th at the Worksighted offices in Holland, MI
Webinar Description: The recent increase of COVID-19 cases not only has leaders at a global level concerned but local businesses as well. With the first cases of COVID-19 being reported in Michigan recently, many of us are still unsure of what types of interruptions we can expect in the workplace now that it has become a concern in Michigan. We are sure you have questions about how to prepare and protect your business and we are here to help. Join Adam and Mike on Tuesday, March 17th, for a live webinar where you can ask questions and bring your concerns.
Let’s Jump In
Adam Devereaux:
Hello everyone and welcome to another Worksighted NXT Webinar, a special
webinar. We wanted to create an opportunity to connect with our community and
talk about what’s going on, this kind of dynamic situation and provide you an
opportunity to really ask us some questions and learn about what other people
are doing and what we’re seeing. So you may notice it’s a little bit of a
different setup than what we usually have if you watch any of our other
webinars. So the little awkwardness here, we’ll try and make it work, but we’re
doing the social distancing. So I have a special guest with me here today.
Mike Harris:
My name is Mike Harris. I’m the CEO at Worksighted and I feel a little bit like
we’re at a middle school dance right now.
Adam Devereaux:
Yeah, exactly. It’s pretty good now.
Mike Harris:
But I want to welcome all of you again. We pulled this together in fairly short
order because we felt like what we’ve seen on our team is a dramatic increase
in inbound requests. We’ve seen our inbound requests load balloon 60 to 70%
over the last 48 hours with huge amounts of requests coming in around remote
work, security, business continuity, voice and video collab and things like
that. And as well, there’s not just the technical challenges that everybody’s facing,
but there’s also the business challenges. So I wanted to open myself up to
address any questions that business decision makers might have if they want to
ask some of the things we’re doing. We are operating as almost a complete
remote workforce right now except for essential staff and operations that need
to be in one of our facilities. But we are operating at 100%.
Adam Devereaux:
Yeah, there’s obviously a lot of changes we’ve had to make, but really the
opportunity here is for you to ask questions. So the intention is for this to
be a conversation as much as possible. We do have some topics we want to go
over in the meantime, some categories. And then as you ask questions, our
coworker here, Rebecca, is in the background and she will be letting us know
and feeding us your question. So go ahead and ask those now and along the way
and we’ll make sure to address those either as we’re going along or at the end.
So really kind of the first area we want to talk about is what is the problem
that a lot of businesses are facing and a lot of organizations are facing. And
that it’s really a general topic because in many ways it’s everything, right?
And it really depends organization to organization.
Mike Harris:
Yeah, it really is Adam. All of us as companies are dealing with an extremely
fluid situation where we’re having to make rapid, pretty dramatic business
decisions that decision makers would often have significant amounts of time to
decide what they wanted to do. We’re having to adapt in real time and enact,
not just a new technologies that we’re having to put in place to enable our
workforce, but corporate policies, HR decisions, security concerns. It’s really
much bigger than just the tech side of things.
Adam Devereaux:
Yeah, absolutely. That’s what we want to focus on today. Three main categories
would be remote work, enabling remote work for your users, best practices,
challenges that people are having, security through this time and how bad
actors are trying to take advantage of this, and then business continuity. So
we’ll see if we get to address all of that. But we definitely want to talk
about remote work. Really just within a matter of days we’ve seen massive
changes from day to day, even internally as we were planning, Thursday to
Friday, it’s over the weekend to Monday. Yes?
Adam Devereaux:
Yeah. And another factor here that we saw, we’ll probably talk about this a
little more later, is that a lot of these conferencing service have been
getting slammed from Zoom teams, et cetera. Largely they’ve been able to keep
up, but there’s been someā¦
Mike Harris:
Yeah, I think we shot teams in Europe go offline yesterday for a while-
Adam Devereaux:
For a couple of hours in.
Mike Harris:
…. so these systems and infrastructure are just getting absolutely stressed
to the max.
Adam Devereaux:
Right. It’s specifically on teams. What I’ve heard from Microsoft is that it
isn’t a capacity issue, but more specific ways that it’s structured that they
hit bottlenecks in different resources and services that make it work. So
they’re having to rapidly keep up with that and try to keep the experience
good. So bear with us if we have any technical difficulties.
Mike Harris:
And some of the things we’ve had to do as an organization is, as I indicated in
the beginning, we’re operating almost completely remotely, but we’ve had to put
some new procedures in place to make sure that we’re effectively able to
prioritize requests for customers. So we’ve leveraged things like Microsoft
Teams with specialized communication channels. As far as our employees, we’ve
created rapid response teams and we’re really trying to make sure that we’re
removing red tape and we’re making sure that internally our approval processes
are being adjusted so that when customer requests are coming in that are
extremely time sensitive, we’re able to make sure that our employees are able
to make the decisions necessary to move really, really quickly. And this is
something that all companies are facing right now in many different ways.
Adam Devereaux:
Yeah, uncertainty is our enemy in many cases. I think speaking on the topic of
what we’ve done, one thing I think was successful was trying to divide
communication up so that we are having specific channels and teams. We have an
org wide team and we created a specific channel for a serious code 19
communication, right? There’s other channels and opportunities for people to
talk more casually and meme and joke around. But we wanted to make sure one
channel was clean and a resource for people to go to and see that serious
content.
Mike Harris:
Absolutely. Let’s talk a little bit about the types of requests that we’re
seeing actually come in from a remote work perspective, what are we seeing
clients ask for? Because many clients are equipped in some way, shape, or form
already for remote work. The issue is the load that’s being placed on it. They
weren’t necessarily ready to have, “Hey, I need my whole staff or a huge
portion of my staff to start working remotely.” And all the other things
that come along with that. So can you speak a little bit to some of the
technology related requests that we’re seeing come in around remote work?
Adam Devereaux:
Yeah, absolutely. I think a lot of organizations are confused on their
readiness for remote work. Even if they had some capacity or some adoption of
cloud services, they were still in a hybrid state. They aren’t sure if they
need to expand their VPN usage, or use remote desktop services, or just use
cloud things directly. But I think we have to acknowledge too that for every
business it’s unique and there’s a lot of organizations out there in the
community that are really going to be hit much, much harder than others on
this. So something to keep in mind and even as a business community how we can
help each other, certainly the answer for manufacturing facility is going to be
very different from a community organization, a nonprofit, or any other
professional services organization that can essentially perform at 100%
remotely.
Adam Devereaux:
So I think as far as the technology side of it, the uncertainty around how we
expand that remote scope. So we start to look at things like what resources and
applications do your users need to access. So it’s really the most important
starting point is understanding what are the services that you’re offering to
your users to work successfully. And that can end up including a lot of
interesting things that companies hadn’t really thought about like some
positions require printing a lot of paperwork and if you have people working
from home, their home printer isn’t going to work for that. And if they have the
papers printed at home, how do they get that content to someone else? So it
might even be about changing some of your processes and workflows to
accommodate the new reality of the geographic distance between people.
Mike Harris:
Well, I think that’s a great point. And many of us, we think about remote work,
we’ve been implementing remote work for our employees often as more of a
strategy around employee engagement and wanting to be flexible, et cetera, et
cetera. And so we’ve kind of given control over which jobs enable remote work
around, but the problem is that there are certain roles that are critical to
all of our businesses, like finance and things like that where we tend to look
at them and say, “Well, these portions of it, I’ll allow for remote
work.” But now we’re all of a sudden faced with these complex business
decisions where I need all of it to happen remotely. To your point, how do I
print checks and get them out the door if I’m remote? How do I deposit checks
if I’m remote? Right? All of these kind of more complex issues that we thought
that we had the option to kind of choose who it is we wanted to work remotely,
but now the universe is kind of making the decision for us and we’re having to
figure it out on the fly.
Adam Devereaux:
Right. Yeah. And that can mean a variety of challenges from a technology
standpoint. And it’s the old 80-20 rule, right? We enabled remote work, the
easiest remote work. And even for us as an organization, there are certainly
positions that I demand needed to be available for remote work or we were
strategic about being able to enable certain people to work remotely. But
getting that last 20% is oftentimes the biggest challenge and may require some
pretty significant changes. So going back to the topic of specific technology,
there’s some other pitfalls that we’ve seen. Internet connectivity speed is a
big one. If your resources that your users need to access is back at your
building, at your server environment, at wherever you’re hosting those different
services, that’s something you have to take a close look at. If you don’t have
to have people connect back to the building, try to avoid it, right?
Adam Devereaux:
If there’s a different way that they can access those resources, but still in a
secure, safe way, that may be a better way to handle it. So internet
connectivity and then we have firewalls. So with firewalls some of those were
being used for VPN clients and they’d have capacity limitations, whether it’s
like hardware limitations and the number of people that can be active as a VPN
client at one time, or performance limitations, or licensing limitations. All
of those things have to be considered. So we’ve seen organizations try to do
rush firewall upgrade projects right now. And that’s part of our rapid response
is trying to enable organizations to get these inks implemented, but we have
limitations on availability in some cases on that gear. That’s a big challenge.
Mike Harris:
And we’re seeing, does everyone have a laptop? Right? It’s easy if you have a
laptop, I can take that home. But what about desktops? We’re seeing clients,
again, some of these roles that we didn’t design to be remote, all of a sudden
we’re being forced to have them operate remotely. And so we’re getting requests
from clients, “Can I just pick up my desktop and take it home and set it
back up again?” And that poses some unique challenges because your desktop
might not have WiFi. Do you have cabling in your house and infrastructure in
place to be able to get these things up and running? And your desktops might
not have necessary VPN clients and software in place because you don’t normally
use those devices remotely? Can you speak to that topic a little bit?
Adam Devereaux:
Yeah, I think, that specific conundrum of, “Do we let users, do we let our
people connect via home devices that they already have versus bringing their
business devices with them to their home environment?” Both represent
unique challenges. One on the security side that we’ll talk more about, but if
you have people connecting in to work resources from their home computers,
there are ways that it’s more secure than others and you don’t know what’s
going on with that home computer. Was some 12-year-old downloading Minecraft
mods that ended up having malware on them and it’s a compromised computer, and
now you have them logging in with their work resource credentials, and then
opening up the business to security concerns.
Adam Devereaux:
And then the other side of that is, well, even if you do say, “Okay, take
your desktop with you.” How many people’s homes are set up where they have
a place that they are going to set aside … and we’ll kind of talk about the
culture side of that, that they’ll set aside to locate that, and kind of work
from home in a productive way, and integrate that with their home technology,
and do they get a good experience? Right? So now from a support standpoint,
that’s also a big challenge that we’re seeing because now somebody has to help
them get that set up, somebody has to potentially work with them through
problems that may even mean them contacting their ISPs and trying to get speed
limits increased. There’s a lot of work that goes into that. It’s never as easy
as just grab your desktop, bring it home, and you’re good to go. Some users it
will be, but a lot of other ones, it’s going to be a lot bigger challenge for
sure.
Mike Harris:
Well, and I don’t know if we have any HR folks on right now. But certainly,
managers, there is a whole, “Okay, if I get my staff working remotely, how
am I managing, and communicating, and making sure that they’re engaged? How am
I making sure that they’re getting what they need? How are we conducting things
like one-on-ones?” Do we have platforms in place from an HR perspective to
be able to coach and manage people? Because they need coaching, they need
one-on-ones, they need communication now more than ever. And here we are in a
unique situation where we’re really kind of pushing the envelope of most of our
HR practices, and platforms, and systems, and softwares.
Mike Harris:
So do we have those in place? And if not, there’s a lot of cloud platforms and
things that could be put in place to facilitate some of those to make sure that
we’re having the conversations. Because again, we’re all adapting by the day
and we don’t know what the rules are going to look like tomorrow. We don’t know
when we’re going to have our teams back together again. So it’s really, really
more important now than ever that we’re communicating and we’re seeing a lot of
companies that are behind the curve on having those tools in place to be able
to facilitate things like that.
Adam Devereaux:
Right. It’s a big challenge. You’re talking about official communication, but
also how do you provide the water cooler communication? How do you provide a
sense of community for your people? So we’re seeing things on the technology
side of it where they’re doing things like having a team stand up every single
day, maybe a start of the day, end of the day stand up. So people are checking
in with each other, making sure that you have tools like Microsoft Teams or
things like that where you can have kind of persistent and chat and ways that
people can feel connected. But that’s that’s going to be a big challenge and I
think for every organization they’re going to have to figure out a different
way to handle that for sure.
Mike Harris:
Yeah. And I can there speak a little bit to what we’re doing as an
organization. So at the leadership level, our executive team has a 15 minute
huddle every single morning online right now just to make sure that we’re all
in sync with the unique challenges, things that may have come up overnight,
making sure that we’re on the same page. That’s immediately followed up by
another 15 minute stand up with our entire leadership team, all the managers in
the company, to make sure that we’re communicating in real time and we all
understand what are the challenges that we’re facing because culture is so
important and culture is going to help us as companies get through this really,
really challenging time. How do we make sure that we preserve our culture and
it doesn’t kind of fall apart on us during these times? We have to be
communicating.
Adam Devereaux:
Yeah. It’s kind of a big experiment in many ways right now. I mean this is
obviously not a situation where can make light of. It’s very serious. We’re
talking about life and death for individuals, but also for organizations. So
the whole goal here is to try to be available as best we can as a community
partner and business partner to help you through these circumstances.
Mike Harris:
You’ve hinted a little bit at security earlier. So let’s … Becky has got her
hand up, which means we’ve got some questions.
Rebecca Zaagman:
All right. We’ve got a question. What kind of security traps has Worksighted
encountered related to COVID-19. What should I tell my users?
Mike Harris:
Perfect question because that’s right where I was going. I don’t know who you
are, but you’re hired. Let’s talk about security now a little bit because our
security team is seeing an uptick. We expected this and we are seeing it. They
wanted us to make sure that during this webinar we called out any communication
you’re seeing in email around COVID-19. You should assume that by default it’s
malicious. And if you’re on our security platform, have our team check it and
make sure that it’s okay. We are seeing those come through. We are seeing
people click on them and it is creating breach situations.
Adam Devereaux:
Right. Yeah, absolutely. It’s happening right now. And even the governmental
organizations like the WHO have issued warnings that people are impersonating
them to send out information, communication, surveys, other things along those
lines. So I think one of the big things is to message your users to be more
wary, slow down, don’t click on anything unless they can verify first that it’s
legit, which is more difficult in a remote work environment as well, because in
many cases when people are not face to face, they may forgo some of those
checks that they otherwise would use. So make sure that they’re following
policy if they’re checking things. The biggest breach concerns that we see are
credential release where somebody’s clicking on something and then putting in
their credential information and they shouldn’t be or that they download some
sort of malware or some sort of attachment to their computer that causes your
environment to be compromised.
Mike Harris:
I want to add to that. When we’re in a scenario where our entire team is trying
to function remotely, some of the protocols we’re putting in place at the
executive level, the things we would do are, “Hey, don’t send that wire
unless you talk to me, et cetera, et cetera.” They become much more
difficult. So attackers, they know we’re all dealing with a certain situation.
They know that they can send you an email about your flight that got canceled
and there’s maybe a 30% chance that applies to you somehow or other and you’re
going to tend to click on that thing. So I would definitely caution, especially
people in finance and HR and things like, put some special precautions in
place. We have done that.
Mike Harris:
We have special precautions in place between myself and our finance director
and things like that to make sure that in scenarios where we are remote, I
can’t put my head in his office and make sure he sees my face. We have special
controls in place that only he and I know so he can verify my identity. We
don’t put it in an email, we never put it in electronic communication. Nobody
knows how we do that, but we have our systems and those are the things that you
have to put in place. Basic procedures. If you’re in Microsoft Teams, you have
video, use it. It doesn’t just have to be chat. Make sure that you’re taking
every measure you can to verify the identity of the person you’re talking to.
Adam Devereaux:
Well, one quick thing I wanted to add on to that, that you talked about is
verification. And this ties into security for things like IT support requests
as well. We’re already seeing more organizations try to utilize some sort of
validation process when somebody calls in for a password reset or any other
service like, “Hey, I need help getting set up from home.” Okay, well
how do we make sure and work with you to make sure that we know who we’re
working with and how do you validate your people throughout these remote
processes? It sounds like we have another question.
Rebecca Zaagman:
We have a couple of questions coming in about Microsoft Teams. How do I get
started with Microsoft Teams if I haven’t used it before? Can Microsoft Teams
do conference calls? And do we have any training materials on Teams so that we
can get up to speed quickly?
Adam Devereaux:
Yeah. So the first thing I would say is that if you’re a Worksighted customer
reach out to your account manager and we can start that conversation. Yes, you
can use Teams for conference calls, you can use it for video conference calls.
Basically, it’s the same as any other conference platform like GoToMeeting,
Zoom, WebEx. They all have slightly different features, but the core feature
set is there. There is an add-on to Microsoft Teams. It can be a little
confusing sometimes, but I have that on my account. And what that means is when
I send out a teams invite to other people, regardless of if they’re part of
works edit or not, there’s a phone number and a conference dial and number. So
users can both call in via the team’s app on their phone or on their computer
or they can call using a phone.
Adam Devereaux:
Obviously just like with those other platforms, if you want video and screen
sharing and those other features, then you have to join via the app, whether
it’s on phone, or web app, or the PC, or Mac application. As far as training
content, there’s a lot of great training content out there. The challenge is
more finding the right training content so we can help you with that. Microsoft
has a great teams adoption kit that has things like example emails to send out
to your users, has links to training guides, training videos. So I think if we
look at teams adoption there can be a very tailored kind of crisis
communication strategy that you can put in place to get chat, get meetings, and
to get your perhaps important communication channels in place.
Mike Harris:
And I can speak on the training piece. Worksighted has folks on staff that can
lead your organizations through teams training. And so that’s actually
something that you’re going to see communication coming out from us on that
topic as well. But if you’re a Worksighted customer or you’re not currently a
Worksighted customer reach out to us. If you’re Worksighted customer, as Adam
said, go to your account manager. If you’re not, worksighted.com/remote-work.
It has as a great landing page that you can go to, and ping us, and we can talk
to you about getting started, but we can also talk to you about what we can do
from a training perspective because you really need to make sure that the
training is dialed in to the processes that your business has in place.
Absolutely specific to your organization.
Adam Devereaux:
And something we can work on too is we can add some of those links to specific
Microsoft resources, right? To that page as well.
Mike Harris:
Absolutely. There’s a lot of good free resources and we have some
presentations, cam presentations and things that our team can share with you
that are free and we’re happy to just give away.
Adam Devereaux:
Yup. Absolutely. All right, more questions?
Rebecca Zaagman:
Yup. Can you explain the difference between RDP versus VPN and how hard is it
to set up?
Adam Devereaux:
Yeah, absolutely. So I’ll go kind of RDP one-on-one, VPN one-on-one here. When
you think about your network as an organization, we’re oftentimes talking about
a physical network inside of one building. So we’ll use that example because
it’s simple. You’ve got servers. You’ve got network equipment, you have a
firewall that’s at the edge of that physical network to the internet. When
you’re inside the building, you’re either plugged in with a wire or you’re
connected via wireless and that allows you to get to those work resources. So
it might be file shares, it may be applications that are hosted within your
server environment. There’s reasons why you and your users need to connect into
your network inside the building. What VPN does is there’s a piece of software
typically that runs on, let’s say, a laptop. When I’m from home, I run that
software, I log in with my username and password, and it uses encryption to
create a virtual connection to that network. So from my laptop’s perspective,
it’s like I’m in the building, but instead of connecting inside of the
building, I’m connecting through the internet connection.
Adam Devereaux:
So obviously that has a big impact potentially on bandwidth. Let’s say that I
want to download a file from a file share that’s on my file server in the
building and I’m at home, right? I may have a 50 Meg internet connection. Let’s
say I have a hundred megabit fiber at the office, so I am going to download
that file. And if it’s a small file, I may not even really notice the
difference between it, if I double click and open that Excel document, for
example. If it’s a 20 Meg, 50 Meg or larger file, it’s going to take time for
that to download and I’ll feel that. And if I’m that one user and I’m using
that 100 Meg connection, okay maybe that’s fine, but what if I have 50 people?
And now we’re sharing that and when other users are downloading files and
accessing resources, it impacts bandwidth pretty significantly. So VPN is that
virtual network connection between my computer and the network.
Adam Devereaux:
RDP is a little bit different. So something that they figured out a long time
ago is that in some ways it can be much more bandwidth efficient or easier for
my users to connect to work resources, not by accessing them locally on their
computer, but by using remote desktop protocols and other ones to actually
connect to a computer that’s in the office. So a terminal server is just a
special computer that multiple people can connect to as if it’s their computer
and it’s almost like marrying that, right? Like strings for my keyboard or
mouse are going to that computer. All those things are passing through programs
running on the computer inside the building, and then it’s just sending me the
picture of what’s happening on that computer. So in certain circumstances it
can be a lot more bandwidth efficient or just better performance. There are
certain applications that don’t like being run over VPN and they run much, much
better if they’re on that remote desktop environment. So quick challenges on
that are licensing and performance
Mike Harris:
I’ve always thought of that, if I’m using a VPN, the computing is happening on
the device I’m sitting at and data is getting schlogged back and forth. If I’m
using remote desktop, the computation is happening remotely wherever the data
lives. I’m not schlogging data back and forth, and I’m just getting updates,
and I see the screen and I know what’s happening over there. There are pluses
and minuses to both and some things work in remote desktop and some things will
not and you need to operate in VPN.
Adam Devereaux:
Is schlogging a technical term?
Mike Harris:
Yeah, schlogging is a technical term.
Adam Devereaux:
One of the things you have to consider too with a VPN versus RDP is if I’m
enabling users on a home computer to connect via VPN, now I’ve basically put
their home computer on my network, right? So you’re going to want to take a
look at perhaps if somebody such as Worksighted is helping your users set that
up, let’s run some virus scans, let’s kind of vet that computer device out. The
other thing is full tunnel versus not. That’s something that’s pretty
technical, but how it’s implemented matters as well.
Mike Harris:
Yeah. We’ve got another question. I want to add one comment on that before we
take that question is please to Adam’s point be cautious from a security
perspective. Everyone’s racing to be working remotely and enabling people that
weren’t previously enabled. Don’t just willy nilly allow home devices that
might not … they could already be breached or have malware on them and
connect those into your network. The last thing you want in the middle of all
of this is to get a ransomware attack or a security attack. Becky’s got another
question.
Rebecca Zaagman:
All right, we’ve got two coming in. I’m going to throw both of them at you. One
is what aren’t our customers asking that they should be asking? And the second
one related to security is, are you noticing an increase in attacks targeted
towards mobile devices such as phones, like SMS phishing? If so, what are some
of your suggestions to protect against this? So two different questions. One,
what are customers not asking? And two, what about SMS phishing and what to do
about that?
Adam Devereaux:
So I’ll start with the SMS. I can’t say that we’ve seen a great volume
increase. That’s not something that’s been specifically relayed from the
security team. I have no doubt that there are voice and SMS phishing attacks
that are probably more prevalent now. You may see people impersonating
emergency alert systems. The good news from a mobile device standpoint is that
it’s less of a vector for any sort of malicious code attacks like viruses and
things like that because it’s much, much harder to get any sort of malware on
an iPhone, for example. However, they still can be vulnerable to credential
release. So anytime that your user, if they’re already set up on their phone,
on their mobile device to connect into work resources, and they’re doing
something and then it asks them to enter their username and password, they
should stop, cancel out, and rethink exactly what they’re doing and make sure
that what steps they’re taking are leading to a legitimate credential request.
If you’re opening an attachment in an email and it’s asking for your Office 365
username and password, 99% of the time it’s not going to be legitimate.
Adam Devereaux:
So then the other question was in regards to what are people not asking about
… I think one topic that we didn’t touch on, but that’s really important and
it’s coming as an afterthought is voice, phone, phone systems, right? Some
organizations absolutely depend on phones, some organizations barely use them,
but it’s something you have to think about. How are you going to handle phone
calls? How are people from the external world going to contact you? How are
your users going to get those calls? Is it going to provide a good experience?
Do you have fail over capabilities? And then I think one more topic that I
think, we talked about this a little bit earlier today and then over the last
couple of days, for us as well is what is your vulnerability to when people
start to get sick? Do you have redundancy in your people positions?
Mike Harris:
Yeah. That’s a great one. I made a couple of notes. I think that was an
excellent question whoever asked that as far as what are people not asking.
Yes, we’re preparing for what’s happening now, but if folks get … you start
to get sick and it will happen, what’s our succession planning? There are roles
where you might be really, really vulnerable and you haven’t thought about it.
Start thinking about it now because we’re seeing a lot of things happen that we
never thought would happen and they’re happening really, really rapidly. What
if movements are restricted? These things are real and can happen. Another
thing that I made a note that customers aren’t asking about is canned policies
on things. We’re not getting a lot of questions around canned policies.
Mike Harris:
Think about all the time you put into having policies in your office for things
and all of a sudden we’ve thrown it away, and everyone’s remote, and it’s kind
of laissez-faire. There are policies and things that can be put in place. Some
of them are canned, they can at least get you started because you could be
operating like this for a while. This might not just be tomorrow that it ends.
Adam Devereaux:
Yeah. Absolutely. All right. Another question?
Rebecca Zaagman:
Yes. What resources do you recommend that staff utilize to ensure that their
home network is secure?
Adam Devereaux:
Boy, that’s a good question. I think one of the challenges is what devices are
on it. The answer is really different if we’re talking about using their home
computer versus bringing a work computer in. We don’t see a lot of cases where
somebody, let’s say brings a work desktop into their home network, plugs it in,
and then there’s a huge security risk, right? It’s theoretically possible, but
it’s not a very likely scenario.
Adam Devereaux:
If they bring their work desktop and plug into the network, it’s not going to
instantly get hacked. But you start using it for both-
Mike Harris:
No, but it sort of brings up a good point around Windows 7 and Windows 10. So
for those folks that did not address Windows 7 to Windows 10, and those systems
aren’t getting patched anymore and things like that, word of caution, if people
are unplugging things and bringing it home, you do need to be careful in some
of those scenarios.
Adam Devereaux:
Yeah, that’s a great point. Because if we look at the malware, the types of,
let’s say, worms that were able to tunnel or connect from one computer on a
network to another, oftentimes it was by exploiting outdated operating systems,
right? We saw a Windows XP, the SMBv1 bugs where you get one computer infected
in the network and quickly all of them that are vulnerable that can be
infected. So keeping your work devices up-to-date, keeping patching up-to-date
that can be a challenge. Another thing is that if you’re not connecting via
VPN, this is a little aside and you do have Windows domain joined devices, you
send them home for a while and they can become disconnected from the domain,
right? They become kind of tombstoned, they will lose their trust relationship
with the domain controllers. So it’s kind of a specific technical concern. But
if they’re not able to communicate over the network … and then you can run
into things like I’ve terminated an employee and I’ve changed their password,
but they can still log into their computer because it doesn’t know the password
has changed.
Mike Harris:
Well, and that brings up another great point, which comes along. And I know we
have more questions. We’re going to take them. I’m going to keep going as long
as
Adam Devereaux:
We’re here as long as we need to be.
Mike Harris:
… is all of a sudden you’re taking corporate assets and sending them home,
what happens from an HR perspective when your devices and assets are now out of
your control and you’re still going to have the same employment things
happening over time that have always happened and you may have employee
termination situations to handle and things like that. And now you no longer
have physical control of these devices. Do you have the policies and procedures
written and in place to make sure that you’re going to take care of those
things from an HR perspective? These are other things.
Adam Devereaux:
Right. Well, are you tracking it? Are you tracking what you’re giving them?
Mike Harris:
Exactly. Do you know where your things are? Don’t just let them go. Again, take
time, take a breath, don’t operate. It’s one thing to have crisis, it’s another
to operate in chaos. And you don’t need to do that right now.
Adam Devereaux:
Right. Absolutely.
Mike Harris:
We have more questions.
Rebecca Zaagman:
What could some of the longterm impacts be as far as technology? Do you expect
more moves to cloud?
Adam Devereaux:
Yes. I think that’s an easy answer. That’s happening anyway. I think you may
see some organizations that are doing a interim step to get people working
remotely and then as soon as that’s in place, we need to start thinking about
what’s the longterm here. I don’t think that genie is going to get put back
into the bottle. I think for a lot of organizations this represents a pretty
significant shift in expectations from employees. I think we’ve shown now that
a lot of these or may show that a lot of these positions are able to be done
remotely. And so that could end up having a pretty big impact on culture and
expectations. So then it’s more, how do we train people effectively? How do we
spread culture effectively? So on the technology side, it’s like, “Do we
have a learning management system? Are we having video training? Are we putting
things in place like weekly management communication, maybe videos that are
going out?” If you become a more virtual organization, you’re going to
have to adopt more technologies that enable you to be successful in that space.
Mike Harris:
And I’ll add to that by saying this, for those of you that have compliance
requirements, your compliance requirements didn’t go away. And I think that’s,
again, from a policy perspective, a lot of folks are probably, “Well, it’s
a unique time so we can kind of do what we want.” And that’s not really
true. If you have certain compliance requirements, maybe you have to be, maybe
you have PCI requirements or whatever and you were able to kind of enforce that
inside your four walls and now all of a sudden everybody’s going remote, how
are we making sure that we’re still compliant? And if you can be ahead of that
in thinking about it, it could create huge opportunity for you in relation to
your competitors if they’re ignoring some of those things.
Adam Devereaux:
Yeah. And from a technology standpoint, there may be steps that organizations
are taking to move data to the cloud and then thinking of about security later.
So things like multifactor authentication become all the more important because
if I’m moving a bunch of my data into, let’s say, SharePoint, let’s say I’m
moving away from an on prem file server and I’m moving to Teams and OneDrive
based file storage, I need to think about two main things. One, my business identity
for all my users, how do I protect that? And multi-factor is still the most
effective way to prevent an unauthorized user to exploit your user’s
credentials. And two would be that you put that, how do I put that? You
potentially have backup concerns, DR concerns, right?
Adam Devereaux:
So you may have server backups and things in place right now that give you the
requirements you have in terms of retention and frequency of backup. And there
are certainly options within a lot of these cloud platforms, but they’re much
more limited typically than what organizations are used to. So you may need to
quickly evaluate adding a third party backup service to enable you to continue
to have that consistency of those needs.
Mike Harris:
Yeah, and backup your cloud. A lot of folks want to skip backing up their
cloud. They don’t want to back up their 365 and things like that for one reason
or another. I would encourage you that you should be doing that and not
skipping on that step because there’s limitations to what Microsoft … The
backups there are more from the disaster recovery and continuity perspective.
It’s not, “Hey I deleted stuff and I got to get it back from 90 days
ago.” Uh-uh, it ain’t going to happen unless you got the right things in place.
So just think about those things.
Adam Devereaux:
Right. And on that point I just wanted to touch on, because we do want to talk
about business continuity, going back to what are some risks of having people
connecting via their home environment. I do think as a general rule, especially
when we see VPN connectivity spreading, your organizations may be at increased
risk of getting malware, ransomware specifically, where your business data,
your file server it’s encrypted and you need to make sure that not only do you
have the capacity to recover quickly and with as fresh of data as possible,
which means really frequent backups, but also it needs to be protected as well.
Adam Devereaux:
So there’s a term of like air-gapped or platform gap. If you’re a Windows environment,
your Windows server environment becomes compromised, how do you make sure that
your backups also don’t get compromised? This has been a continuing trend we’ve
seen where these ransomware packages get more sophisticated. People will kind
of wait a little while and scope everything out and figure out if they can
delete the backups because they know if they can delete your backups, if they
can encrypt your backups and corrupt those, then they’re much more likely to
get a pay off from you.
Mike Harris:
Right.
Adam Devereaux:
So more questions.
Rebecca Zaagman:
Is multifactor authentication integrated into Teams SharePoint?
Adam Devereaux:
Yeah. So there’s a lot of different platforms out there that you can use for
multi-factor depending on your situation. The short answer is yes, you want to
make sure that before users are accessing those resources, you have an
authentication layer in front of that that includes multi-factor. So a service
that we use frequently is Duo. Microsoft has multifactor authentication in the
platform as well. Depending on your situation, it may work well for you.
Mike Harris:
More questions, [Becca 00:42:10], right now?
Adam Devereaux:
So on the topic of business continuity, I think that obviously that’s a big
topic. When we start talking about supply chain, we start talking about what
are ways that we can have, we already mentioned the employee redundancy. What
are some other things that you think businesses should be thinking about?
Mike Harris:
Boy, I kind of hinted at it earlier. If we do get restricted as far as our
ability to move about and things like that, it’s going to create some unique
hardships especially if people … your employees will start to get sick like
you haven’t started to face that yet. But I would encourage you … we’re
talking about it as a business. What are we going to do? How are we handling
succession in key roles? And things like that. Nothing is business as usual
right now. We kind of hear that phrase like a company’s saying like, “Well
it’s business as usual.” If it’s business as usual and you’re not thinking
about these things, then you need to start thinking about them because nothing
right now is really business as usual.
Adam Devereaux:
Yeah. We saw that even over the last week where we had organizations, last
week, Tuesday, Wednesday saying, “Hey, maybe we need to start thinking
about some people being remote work and then by the end of the week, by Monday
it was like, ‘We need to be able to go 100% remote.'” It was changing so
quickly.
Mike Harris:
It’s funny, I was commenting with our executive team the other day that we do
quarterly planning and every year we do an annual planning and one of the
exercises we go through is a full SWOT. And one of the things we always talk
about from a threats perspective are those external threats that we can’t
control. We often talk about what happens if we have a downturn in the economy,
et cetera, et cetera. And here we are, right? One of these unlikely events that
you talk about it in a planning session, then you kind of laugh about it. You
think about it a little bit, but here we are. So again, one thing I’ll plug is
I do think this underscores the need for all companies need to have their
planning. These need to be things that this isn’t the first time you’ve talked
about it. So that’s, I think one lesson learned going forward for leaders, is
make sure that you’re executing on a regular planning cycle so that you’re
talking about these things.
Adam Devereaux:
Right. And I think it may be a little early to talk about recovery, but I think
it’s something that we need to have on our mind. Are we going to return back to
business as usual at some point and how do we make sure that we have continuity
with our business partners and others as well? How do we get back to that state
where everybody’s healthy? Obviously there’s a lot of uncertainty around that,
but thinking about your business partners, thinking about ways that some may be
more vulnerable than others and how can we support each other I think it’s
going to be important.
Mike Harris:
Yeah. Again, there will never be business as usual. We talk about going back to
the way it used to be. I think this is a little 9/11-ish in terms of the fact
that the when things do get … they will get back into some ‘normal
operations’, but is going to change everybody’s mindset forever. And so I would
encourage business decision makers to be thinking about that going forward
because your customers are going to ask these questions, right? They’re going
to want to know. And this is a way that ultimately if you’re thinking about it,
you become stronger in the long run because it becomes somewhat of an
opportunity in terms of the fact that it causes us to think about these things
that if our competitors aren’t talking about them, it gives you an advantage.
Adam Devereaux:
For sure.
Mike Harris:
Becca, we’ve got some questions.
Rebecca Zaagman:
Just a quick one. Can you explain what SWOT is?
Mike Harris:
Yeah. Sure. SWOT is a planning exercise. It’s called strengths, weaknesses,
opportunities, and threats. And Google it, you’ll find all kinds of information
around it. It’s not the SWAT team, but it’s a planning process. So essentially
you lay out four quadrants and when you talk about strengths, you brainstorm as
a team the things that are strengths within your organization. When you talk
about weaknesses, you talk about internal things to your organization that are
weaknesses that you need to improve on. Opportunities are things that are
somewhat external, right? They are things that you may be could be
capitalizing, new things to be thinking about, et cetera. And threats are also
external things, right? External factors, new people entering marketplaces,
things that could happen. That should include things like economic situations,
pandemics, things like that, that are … they’re threats. And if they happen,
is your organization going to be prepared and are you thinking about them?
Mike Harris:
So it’s something anyone can do. You can find a ton of resources on it and feel
free to ping me. I’m always happy to share the things that we’re doing. We’re
very open about kind of behind the curtain at Worksighted, what do we do from a
planning and leadership perspective? How are we making decisions? I’m happy to
talk about it.
Rebecca Zaagman:
Related to that again, how has Worksighted past SWOTS analysis helped in a
situation?
Mike Harris:
Sure. I’ll feel that one, huh?
Adam Devereaux:
Yeah. Absolutely.
Mike Harris:
Well, I can tell you right now that it has helped us tremendously over the last
few years because every year when we do it again, we pull out the one we did
the previous year and we look back at it, and we refine it, and we get better.
External threats like major economic downturns, situations like this are things
that have come up and we’ve talked about. And one of the video pieces I put out
that we’ve been pushing out content to our customers, make sure you know what
we’re doing, I was chatting about the fact that we were ready to go as far as remote
work was concerned. We were prepared to make the decision. We had policy
changes ready to go. And when the governor made the announcement Thursday night
that the schools were going to close Friday, we were ready to push out policy
updates to our team and say, “Here’s where we’re at with remote work.
Everybody’s capable of doing it. You’re prepared to do it. Here’s what our
policy is going to look like now.” We modified our policies to allow for
childcare and things like that.
Mike Harris:
So come Monday morning, our staff wasn’t panicked. We didn’t have to panic,
“What am I going to do?” They knew by close of business on Friday,
they had a safety net, they had a plan, and we’re up and running at 100%. And
actually, absorbing large increases right now as far as demands from customers.
Adam Devereaux:
Which took really some dynamic reallocation of some of our workforce, right?
Recognizing where that increased load was coming in and being able to shift
people who are now being freed up on a specific like field work, for example.
I’ll add to that from a standpoint of when I started at Worksighted policies,
work policies, right? We were a much smaller, younger company.
Mike Harris:
I’m an entrepreneur. I don’t like policies, right?
Adam Devereaux:
Yeah, so that served as well for a time, but I think through the maturing
process as an organization, which is what exercises were definitely part of, we
recognized as we grew the need to have a people department, have policies, have
a fairness around those things. So the organization has definitely grown up
over the last few years to be in a much better spot to handle this for sure.
Mike Harris:
Definitely. Definitely.
Adam Devereaux:
One other area, I think personally I like to think about it from a community
standpoint as well, we have the business community, but we also in this modern
day and age, oftentimes the work community is a thing that people may not have
otherwise, right? You have workers who are displaced in terms of their family
isn’t from around here. They may not have other local community groups that
they’re part of. So you kind of almost think about it from an expansion of
scope of what you may want to do to help make sure your employees are safe,
right? Food security, just making sure that people are supported. If you have
an EAP, making sure that people know how to use that and understand that if
it’s overloaded or not, like a lot of those resources are potentially getting
hammered. How can you provide kind of support within the organization for your
people?
Mike Harris:
Yeah. That’s one area our people department has been talking over the last few
days, “How do we make sure that we’re keeping our people together?” A
situation like this is, it really underscores why you need a people department
more so than when things are operating wonderfully. You know, to your point
about EAP, these are the assistance programs that we’ve put in place over the
years for our employees using external providers and things and making sure
that this is a stressful time for people, they’re worried, and what do we need
to be doing to make sure that we’re helping our employees as much as we can.
We’re making good smart business decisions. As a business leader, if you are
not talking to your people, if you are not talking to your customers, I think
that you’re making a mistake right now because it’s important that you’re
letting them know what you’re doing.
Mike Harris:
You don’t have to have all the answers, but you have to be communicating so
that people know internally and externally, I think, what you’re doing. But for
the internal people, for your employees, it is a huge confidence builder for
them to be communicated to and know that you’re talking about the tough
questions and you’re doing the planning that’s necessary. But back to the
people department piece, that culture piece, making sure you’re doing some
things to keep your employees working as a team. Culture is super important.
Don’t just chuck it out the window right now. This is where you want to be able
to fall back on your culture. Our number one core value at Worksighted is I am
most comfortable dressed as a superhero. And people kind of laugh at that, but
this is the moment. These are the moments when our staff, as everyone lives out
that value, when the going gets tough, they really rise to the occasion. It’s
been incredible to see what our staff has been doing during this really, really
challenging time.
Adam Devereaux:
Right. Yeah. So if we don’t have any more questions, I think we’re running out
of time here. So thanks again everyone for joining. We will continue to try to
be responsive to whatever your needs are. Understand that we’re having to
reprioritize some of these requests that are coming in based on a need to
enable people to work. So there’s certainly an increase, as you mentioned, in
demand. We’re trying to make sure that we’re being as agile as possible to
respond to those. So we appreciate your patience and you being a part of the
larger Worksighted community.
Mike Harris:
Definitely. And again, I want to extend the same offer I did before. If there
are other questions you have, if you want to know what we’re doing about
something, what platform are we using, it doesn’t need to be about tech or
something that you get from us as a partner, I’m perfectly happy to sit down
with anybody who needs it in the business community and have a discussion
around just the brainstorming and the complexities that go into leading through
a really complicated time. So feel free to reach out. I’m absolutely happy to
chat with anyone that needs it.
Adam Devereaux:
And we certainly had a lot of questions about Microsoft Teams. You’re going to
see more content from us focused on how you can use that with a more narrow
topic of how it can apply to this type of a situation. Yeah. So thanks again
for joining us.
Mike Harris:
Thanks everyone. I really appreciate it.
Adam Devereaux:
See you next time.
