The sudden and forced shift to remote working has served as an impetus for firms to transform their operations. Primarily, it has enabled the rise of more collaborative working methods, some of which will hopefully be embedded in future ways of working.
“Keeping staff engaged is the main challenge firms are facing,” George Ralph (pictured), managing director at RFA explains. In terms of communication and collaboration, video calling via systems like Microsoft Teams and Zoom has increased. The face to face contact such tools provide is important. “It really does help businesses stay connected… With tools like Microsoft Teams in place, I don’t think that communication and collaboration have to be compromised, just because everyone is working remotely.
“There are many ways to communicate, whether it is via voice call, video call or instant message and working on the same centralised projects and files has never been easier than with SharePoint and OneDrive,” Ralph delineates.
He notes that in terms of technology, RFA has not experienced a significant surge in support calls, which shows the firm’s systems are working as well as they always did. Although all RFA clients were already making use of cloud technologies and automation in some form, some were still affected from a technology stack perspective.
“Most of our clients already had the fundamental infrastructure in place to accommodate this new way of working. With some additional resources, or more Citrix servers and with additional capacity for serving up more sessions, they have been able to continue largely as before. RFA’s own use of automation and orchestration made this process slick and smooth,” Ralph notes.
Further, RFA clients were in a strong position going into the crisis. Ralph says: “Without exception RFA’s clients use cloud services to deliver their fundamental IT infrastructure, whether that is private cloud, public cloud or a hybrid of the two. This has meant that they are already incredibly agile and can access RFA’s systems from anywhere. From discussions we’ve had, we believe most of their other systems, such as trading systems, trade data, portfolio management and reporting systems are also cloud solutions or delivered as a service, so they have been able to weather the crisis fairly well.”
But the transition has also highlighted potential risks which firms need to be more aware of in the current environment. Although the main risks are those related to home networks, with unsecured routers, wireless and networks, Ralph notes working from home has broader implications in terms of security: “Taking the basics of home IT security guidance aside, the other major risk was the public awareness of everyone’s need to change operational working, as such phishing attacks went up 350% globally.”
Every business now has remote workers who are stressed and anxious, in a new working environment, sometimes using new tools and a different operating model was public knowledge. Ralph warns: “Attackers are watching this happen and taking advantage of the chaotic situation and the high emotions. The way we have always combatted opportunistic, malicious activity like phishing, has been through user training and testing. It’s the only real way of increasing users’ vigilance as one click on a rogue link can expose a desktop and possibly network resources to attacks.
“Identifying and reporting suspicious emails is crucial for the intelligence engines and then there are the practical security measures, such as providing corporate devices, using zero trust identity and access solutions like multifactor authentication and securing the home wifi router and network.”
He advises professionals using collaboration tools like Zoom, to make sure they are not sharing sensitive information via screen shares or on slides, which could be screenshotted and shared. “When setting up webinars or group meetings, use the password facility and enable the waiting room, which means you can approve all participants before they are allowed to access the meeting. Small things like this can ensure the security and privacy of the meeting,” Ralph instructs.
At the company level, Ralph recommends deploying centrally managed security systems, which continually monitor and protect the endpoints. “These are a great idea. User behaviour monitoring can assess and set a benchmark of what is ‘normal’ activity, then analyse event logs, access records, times, durations and other user driven events, applying algorithms and identifying anomalies that will trigger alerts that an event may warrant further investigation,” he explains.
In fact, Ralph says the key advice and training has all been around securing clients’ home networks, being more vigilant for cyber attacks (specifically phishing) and insider threats.
“I don’t believe you should sacrifice data security for business security, or indeed that you have to. If you have the right systems, tools and training in place, supported by clear company policies and processes, there should be no reason to assume that security will be compromised,” he adds.
And this security will serve firms well in the future, as work modalities may shift more permanently.
A new future
Ralph has been discussing with clients what going back to work may look like and what changes they might need to make to ensure they are operationally resilient from here on in.
“Some may want to rethink their remote access solutions to provide a more robust solution for a greater number of users, particularly in light of the general consensus that flexible working will become a more permanent feature for more staff than ever before. We have started to provide smaller firms with a full ‘no office’ solution and we are implementing more and more collaboration tools across the client base. All of our security solutions focus on the end points already, so this became a moot point.”
According to Ralph, flexible working will persist and more staff will be given the opportunity to work from home if they can and want to. “Our clients know it can and does work, so there is no real reason to enforce an office-based policy in the future. We have also spoken to clients who are reconsidering their centrally based offices and genuinely wondering whether they need the same amount of space, or could they operate smaller offices with a view to more people working remotely.
“I think people will be more security conscious when they’re not in the office, as they’ve received training and information on securing their home networks and devices” he reasons.
George Ralph
Managing Director, RFA
George Ralph CITP, has successfully founded three technology firms along with C-level advisory services include M&A to numerous firms. George is a true leader and has been managing teams internationally, and leading technology transformation projects for over 20 years. A certified GDPR, Cyber assessor, Auditor, Architect and widely experienced cybersecurity and RegTech professional, George has extensive technical experience in network and server architecture, large scale migrations utilising leading technology brands, and IaaS offerings.