Fiona Frost | Business Development Manager at claireLOGIC
Businesses are having to navigate this current unfolding and uncertain situation. Those who can have their teams working from home have done so. But for many organisations there is no work for some, or all, of their team to do. In this instance businesses are taking up the government’s Coronavirus Job Retention Scheme and will furlough these team members on a temporary basis.
When a member of staff is furloughed, they still remain employed by you however, cannot carry out any work for the business. The furlough period is a minimum of three weeks.
From an IT and Cyber Security perspective there have been many hurried changes to your risk landscape in a short period of time. If you are working with a good outsourced IT company, they will have covered these, but we thought it was worth getting employers to think about these and sharing our expertise.
If you are using Office 365 then you are starting from a good standpoint. Access to furloughed team members mailboxes can easily be given to those still working but, as we always suggest, an additional backup and archive of these mailboxes is essential.
Microsoft only hold deleted data for 90 days. If the furlough continues beyond this period and a team member needs to retrieve an item they deleted by accident, or as a reminder when they return to work, then the standard Microsoft retention period won’t be adequate. You can get Office 365 Backup pricing through our website calculator tool, it isn’t expensive, and it can be implemented remotely.
Where possible set up Two Factor Authentication (2FA). This will alert you to any attempted login for the application it’s on, this could be from an employee or a hacker. Especially important if your team are using their own devices.
As the employee cannot work during the furlough period the safest stance for any business is to pause access to the employee’s work data, files, email etc. This will cover you should an employee try to be helpful and do some work which would result in a direct contravention of the government scheme. This also protects you if in the unlikely event they resent being furloughed and start to act maliciously toward the business.
During Furlough Leave do bear in mind that an employee’s contractual benefits continue. If personal use of a company mobile phone is part of their package, they will need to still have access to that.
If you don’t have Mobile Device Management (MDM) or Mobile Application Management (MAM) then restricting work data on it could be tricky. Both MDM and MAM can be installed remotely but only with the employee’s cooperation. MDM helps keep your company data secure and should always be installed on company mobile phones in case the phone gets breached, which is at higher risk with personal use and apps.
One of the greatest risks to a business’ IT system is a human. I spoke to Jane Fryatt of face2faceHR this week and her advice was to keep a line of communication open to your employees on Furlough Leave so that they remain engaged with your business and return after the pandemic with a positive mindset.
Think about how you can have regular interaction with all your employees (whether they are furloughed or remote-working), perhaps by including everyone on a weekly social video call, or a ‘coffee hour’. Regularly check-in with furloughed team members to make sure they are ok and encourage purpose during their Furlough Leave, perhaps by volunteering or setting a personal goal such as regular exercise.
Passwords should always be at least 8 characters long (ideally longer), complicated and unique, a good password management system will protect you, it could also be the helpful prompt a returning team member needs after weeks, if not months away from your organisation.
Did you pass the furlough test? If you or your business have any concerns about protecting your IT systems during this time then we are happy to offer some free advice, please just call or email.