Can my business survive?
At Connect & Support we have been working with a variety of different businesses for the last seven years, helping them through the ups and downs of business life by advising and managing their evolving use of IT.
COVID-19 is a new test for us all. This document doesn’t deal with your personal health, but rather the health of your IT as you alter your working practices to cope with the virus.
In the words of the Hitchhiker’s Guide to the Galaxy, “Don’t Panic”, and don’t rush into making hasty decisions that will compromise your company, your data security and your GDPR compliance. Hackers and criminals are always looking to exploit weaknesses in your security, and they take advantage of times when people are concentrating on something else. Do not take shortcuts with IT security; the first place to start is to make sure your passwords are hard to guess.
GCHQ have for a while advised using three short words that create an image in your mind, then replacing some letters with numbers, capitalising a word and maybe adding some punctuation.
Three words: ship red funnel (this conjures up a picture you will more easily remember)
Replace letters with numbers: sh1predfunnel
Capitalise a word: sh1pRedfunnel
Add punctuation if you wish: sh1pRedfunnel#
The final password is complex but still easily remembered by you.
Never use your email password when signing up for something online because they’ll usually also ask for your email address. If you give them both they can easily hack your email account and then use it to start sending spam out. This is a very common hack.
Never use banking passwords anywhere else. If you ever have to write your passwords down, keep the note in a locked drawer.
Use encrypted messaging apps like WhatsApp and Zoom to share data and keep in contact with your staff. Zoom is free and works on a Mac, PC, iPhone, iPad and Android devices. You can quickly and easily keep in contact with your staff using these tools and they are hard to hack.
Set up different WhatsApp groups for departments and company-wide information to make sure the correct recipients read each message. Communication is key to keeping your business running if you are no longer able to get to the office.
Make sure your firewall is up to date, and if you are using a VPN (virtual private network) to enable your staff to connect to the office network, ensure all passwords are complex.
If you have an old firewall or one supplied by your broadband provider, you should consider upgrading to a “business-grade firewall” that better controls secure remote access to your office. These cost from £700 to £3000 and we recommend using Meraki devices because they automatically update themselves and can be installed in most businesses in one to two hours.
Similarly, make sure all office machines are running a proper anti-virus program, preferably one that contains anti-ransomware code and a central control panel it can be monitored from, such as the Sophos products. Stand-alone virus protection such as Norton or ESET is also good enough. Free products are not supposed to be used on business computers.
Don’t be tempted to allow staff to access the office from their home computers. Not only does this breach GDPR rules but you are leaving the security of your business to a home computer that you know nothing about and that may be compromised by viruses and malware.
Home and work life should not mix on the same computer. If necessary, consider sending the user’s work computer home and connecting it back to the office via VPN.
Work out the minimum resources you need for your business to continue to function.
This usually means:
• can we sell our products and services?
• can we issue invoices?
• can we communicate with clients?
Each company is different, but with a little bit of planning you can give secure access to your accounts and invoicing system remotely, without compromising your security. Windows 10, for example, has remote access built in.
Meet with key stakeholders in your business and work out what you would all need to access if you had to work from home or isolate the office.
Use the Cloud. Cloud storage and systems are there to help you. Dropbox or OneDrive for Business enable you to securely share your data with co-workers for a small monthly fee. If you have older software and systems, you can consider installing a Windows remote access server. This allows any Mac or PC to access older software securely. The data never leaves your office and you have control over who is using the data. However, if you hold client data, GDPR expects you to keep your systems up to date, so it is worth starting to plan a gradual upgrade to the latest software and systems if you can.
Do make sure you back up your Cloud storage. We often find users have deleted a folder they think they no longer need, only to find someone else needs to access it. Take your time, consider who needs access to what files, and take nightly backups. Putting data in the Cloud is not a backup! We recommend also having an on-site incremental backup that saves multiple iterations of a file. This can be a lifesaver if you ever need to go back to a previous version of a file.
Do a test run. Now is absolutely the best time to test, don’t leave it until next week. Even if you send one person home from each department to test, you will learn if your Disaster Recovery Plan can work.
Consider working in three split shifts.
Have one person in the office and two at home at any one time. Rotate them round, two days at home and one in the office. This will keep cross-infection down to a minimum. If one person in the office does become unwell, everyone in that shift should self-isolate. You can then bring in one of the other shifts once you have cleaned all surfaces. Remember the virus can survive for 24 hours on metal so a full clean of all surfaces is essential.
Update your phone system.
All modern phone systems can do call forwarding. Even if you have complex call handling systems, you can still divert calls to a user’s mobile. If they have access to the computer systems from home, your call handling can still continue and you can serve your customers. You may wish to set up an emergency basic call handling system.
We hope the above steps give you some help to weather the storm.
Take your time, and don’t be worried about asking for advice. Good luck.