Wow, here are now beginning at the beginning of August. Hard to believe that time is going by so fast.  But unfortunately, the one thing that is not is the COVID19.  Many people thought that as summer would start, the numbers of people testing positive would go down sharply, but in fact, it is the inverse that has happened.  The reason for this is clear and simple: 

When the lockdowns first hit, everybody had to stay at home.  But with the summertime about us, people want to be outside, and socialize amongst others.  So of course, the numbers are going to spike up.

But when winter encroaches upon us here in a few more months, the trend will probably go down again.  But I think everything will level off at some point in time.  But despite all of this, there is one reality that is going to around with us long after COVID19 has dwindled into the limelight.  And that is the gravity of Working From Home (WFH), also now known as the “Remote Workforce”. 

Many people also thought that as businesses would start to reopen doors, that employees and the like would want to return to the office.  But apparently, this is not the case.  It seems like that the American Workforce likes to actually WFH, with perhaps just a few visits to the office here and there. 

So now, Corporate America has to deal with the issue if they should completely shutter their brick and mortar presence, and perhaps get something like a Virtual Office which employees can use from time to time, as the need arises.

In fact, more and more businesses in California especially are starting on this trend.  For example, why pay thousands of $$$$ on rent when they could be shifted over to research and development purposes, or even launching new marketing campaigns?  But whatever comes out of this Remote Workforce phenomenon, there will be a time and place where employees will need to have some sort of physical interaction with their colleagues, and even with their managers as well.

So, now a new issue that has been bandied about is how to keep employees safe from COVID19, as they come and go to the physical presence of the office?  Here are some of the key issues that the CIO/CISO,  as well as their IT Security teams will have to address:

*The relaxation will disappear, to varying degrees:

At home, of course all Remote Employees are very relaxed.  After all, where else in the world can they work in their PJs?  But as they come back to the office, they need to be reminded of the fact that at least from a security standpoint, they will need start to using their various authentication mechanisms once again in order to gain access to the building and their office.  This is more of an area of where Physical Security comes into play.  Before, employees are allowed to enter again, it would perhaps be wise to conduct an audit once again of the security measures that are already in place, because they not been used in such a long time.  If anything seems to be out of synch, then you need to have a huddle with your property manager to make sure all is up to snuff first in this regard.

*There has to be a heightened sense of alert instilled:

As your employees start to make their way back to the office, they have to become much more disciplined in regard to the levels of Cyber Hygiene that they maintain.  Of course at home, there is a high level of trust, after all, who in your family is going to mess around with work stuff, right?  Well, this is totally not true.  For instance, there has been the intermingling of home networks with the office networks, so who really knows what has been exposed to the Cyberattacker?  Because of this, the IT Security team will have to conduct thorough audits of all of the equipment that has been used, even fi they are personal devices.  As employees return, they need to be educated yet once again about the importance of how to maintain good levels of Cyber Hygiene, and its sheer level of importance.  It’s one thing to do this virtually in a Zoom meeting, and it is yet another when it is done to face to face.  Therefore, the CIO/CISO has to use this short time period wisely in order to make their employees realize the gravity of the situation before they start the 2nd wave of WFH. In the beginning, there was a huge rush to send everybody home, so not all employees could get company issued devices.  But now that there is sometime to address this, there is no reason why your business cannot give out company issued devices with needed security features and tools installed onto them.  The bottom line is that employees really should not be using their own devices to conduct work related matters, they should be using the company issued ones instead.  Also, the IT Security team will have to figure out a way in which they can deploy software and firmware patches and upgrades onto these company issued devices once employees start to WFH from home again.  But once again, this will mean that they will have to gain access to the employee’s home network.  Perhaps a solution to this would be is that employees return to the office for the short interim, all of these upgrades can happen at that time.  Perhaps in this regard, the Zero Trust Framework should be implemented, in which in the end, nobody is trusted, not even close family members and friends.

*Testing For COVID19:

This is going to be a huge, hot button topic.  After all, as your employees make their way back, you want to be sure that that they are not carriers for the virus.  The only way that this can be done is by doing on site testing, right at the doorsteps of your office before they are allowed to enter at all.  But once you do this, keep in mind that you will now be collecting health related data on all of your employees.  This is far different than simply strong credit card numbers and Social Security numbers.  At least here in the United States, the protection of healthcare data is something that is watched extremely watched, audited, and protected.  Much of this comes down from a piece of legislation that is known as the “Health Insurance Portability & Accountability Act”, or “HIPPA” for short.  This was actually passed in 1996, so this law has a lot of powerful teeth with it that it can claw into for those healthcare organizations that are deemed to be non-compliant.  But keep in mind, that you don’t have to be a healthcare organization exclusively in order to come into the cross hairs of HIPPA. Any business that keeps track of medical information of their employees in the slightest of ways, will be prone to audits.  Thus, not only do you have to worry about being compliant with the GDPR and the CCPA, you now have one more worry:  Being compliant with HIPPA.  Therefore, now you have choice but to make sure that you maintain the strictest and tightest of security controls that are possible in order to protect the employee information/data that are collected from these COVID19 tests.  Another hot button topic will be is if your business wants to deploy any sort of contact tracing mobile apps.  There could be some huge privacy rights issues with this, as your employees will already be on edge. In this regard, the CIO/CISO needs to be ready to answer some tough data privacy questions from their employees.  Perhaps the best venue to do this is in a town hall like forum, in which all of your employees can attend face to face.

My Thoughts On This

These are going to some of the huge issues that you and your company will have to address.  This is by no means an exhaustive list, and there will be many others.  But the biggest one, apart from the usual Cybersecurity related ones, will be the one surrounding COVID19.  But there are some silver linings to all of this, believe it or not, which are as follows:

*You can always make use of either the AWS or Azure in which to deploy your entire IT/Network Infrastructure.  For example, you can create Virtual Servers and Virtual Desktops so that your employees can access the shared resources they need in the same way in which they accessed them from an On-Premises server.  Security is already taken care of for you, and you do not have to worry about deploying software updates and patches, this is all done for you.  Really in the end, all you need to give your employees are low cost terminals so that they can access this Cloud based quickly and easily.

*With bouncing around of WFH then back to the office, and WFH once again, it is quite likely that your employees will have Cybersecurity more on their minds, especially when it comes to data privacy, as just described.  This is actually good, as it can lead the foundation for them to start to maintain a proactive mindset about good Cyber Hygiene.