Stay Safe but Stay in Business

COVID-19, 5 letters and 2 numbers that have turned everyday life upside down for millions of people and organizations across the globe.

In an effort to slow the propagation of the virus, governments of several countries have put in place drastic measures of confinement that carry heavy consequences.

Not only consequences on everyday life but also for the function of businesses that must (when permitted) radically reorganize their way of functioning, to allow their employees to work from home and to ensure business operations continue.

This is of course the case for IS Decisions, the company I created and have been managing for almost 20 years.

IS Decisions is a Cyber security software development company specializing in Access Management.  We offer solutions to businesses that protect access to their IT network, and to their company data on premises and in the cloud.

Compared to a lot of companies, we are lucky.

For starters, our business is very geographically diverse, with 93% of our business conducted internationally, and more than 3000 clients in 144 different countries.  This allows us an excellent distribution of risk per country.

The nature of our business, software development, is almost 100% digital, allowing us more possibilities and agility not always available for traditional sectors.

We interact with our prospective and existing clients and our partners in several digital formats (telephone, email, web conference…) and we « deliver » our software solutions via email with a download link and the activation key.

All of these factors have allowed us to switch from a mode of operation completely present (one developer works from home full-time) to a mode of operation in which almost all employees are working remotely.

How did we do it?


Internally: Communicate, communicate, communicate

This may be stating the obvious, but beyond the inevitable technical difficulties with remote working, and access to applications essential for productivity, the principal problem with working from home is maintaining an excellent level of company-wide communication.

Here at IS Decisions we implemented Slack a couple of years ago to replace all inter-office emails.

In the current situation, Slack has become our Number 1 communication tool, with a clear functional intent: Recreate our everyday tasks and IRL rituals to a digital platform in an effort to preserve the cohesion and morale of the team.

Every morning, we start our day with Slack with two simple goals:

  1. We say good morning and ask how everyone is doing, just as we did in the office before the confinement.
  2. We get organized. Each department (Sales, Marketing, Engineering, Technical Support, and Administration) has a virtual Stand-Up Meeting (classic Agile Method) via the application Geekbot.

Every morning the application asks 4 questions to each team member who must respond clearly and concisely:

  1. What did you do yesterday?
  2. What will you do today?
  3. What problems have you encountered that you might need help with?
  4. Other (any other information to communicate or questions to ask).

The responses are public and visible to everyone, allowing each team member to stay up to date with the activity of their colleagues, and to be able to offer assistance when needed.

We also have a Slack channel titled « Watercooler » where everyone can share tips and practical information non work related, or a funny GIF (it’s imperative to keep a sense of humor) just as we would share a laugh over a coffee in the office.

Lastly, we use an application, developed internally, called a 4/1 Weekly Report » (4 minutes to fill out/1 minute to read) which is filled out every Friday by all team members.

The responses to this report are also public, allowing each individual to be aware of the successes, difficulties and good ideas of their colleagues.

Because, working from home or not, people remain the most valuable asset of any organization.


Get organized for real.

For family reasons, I’ve been working from home part time for years, and I know from experience that staying efficient and productive in this situation requires iron clad organization.

It’s very easy (and detrimental, and depressing in the long term) to take a shower, have breakfast, and sit in front of your screen only to skim through some emails, or procrastinate in your pajamas or bathrobe with frequent alternating trips between the fridge and the window.

To avoid falling into these insidious traps, it is imperative to put in place and to respect rigorously a routine adapted to your everyday life.  Make it strict and precise, with set working hours and breaks.

It is also especially necessary to manage time and priorities in a strict and structured manner.

For some time now, I’ve been a firm believer in David Allen’s GTD method (Getting Things Done) that I apply using Asana, a SaaS solution for collaborating among teams that we’ve been using at IS Decisions for the past 4 years.

With the exception of the Sales and Technical Support teams (who use Microsoft CRM), and the engineering team (who use Microsoft Azure DevOps) all IS Decisions employees manage their team projects and individual tasks with the help of Asana.

The benefits are evident, especially since everyone is working from home: each project’s tasks are assigned to a team member, and priorities and deadlines are clearly defined.  This method provides transparency that allows us to avoid individuals working in a silo or missing out on important information.

With these tools and methodology, we are able to maintain the same rigorous organization, the same transparency, and the same team spirit working from home, as we have when working in the office.


Stay in close contact with your Business Network

IS Decisions’ clients and partners can be found in all 4 corners of the globe, and to stay connected with them, we have always favored digital forms of communication as our essential tool to be more efficient, economic, and to reduce our carbon footprint.

In that sense, we practically haven’t modified our methods since the beginning of our new working from home mode of operation.  We continue to communicate efficiently with our network by phone, email, and web conference.

Our phone system is based on an IPBX (we use 3CX) which allows each employee to make calls from their personal smartphone (or computer via the softphone) with the help of a dedicated application which lists the phone numbers of all IS Decisions employees without impacting on their personal phone plan.  The application allows for all employees to be reached via their internal phone extension, and can easily organize conference calls.

We continue to provide our clients and partners with personalized technical support on installing, configuring, and deploying our solutions via the web conferencing solution, GoToMeeting.

By continuing to employ these methods of digital communication, we are able to maintain the same excellent level of service for our clients and partners, even with almost all employees working from home.


Secure Remote Network Connections

From a network security point of view, remote working is evidently a risk factor, since it requires IT system administrators to allow employees remote access which consequently widens the potential attack surface.

As we are not of the philosophy « Do I say, but not as I do » IS Decisions uses (in addition to best practices for security measures in a Microsoft AD environment) our own access management software solutions, UserLock and FileAudit to protect access to our network and data stored on premise and in the cloud.

UserLock allows us to define and enforce access management strategies by limiting or refusing all network connections (including Wi-Fi and RDP), enforcing MFA when required, monitor in real time all network connections, and to react in real time to suspicious activity.

FileAudit allows us to monitor in real time all access attempts to our company files stored on premise or in the cloud.  The software allows us to be alerted in real time, and to configure automatic actions to any suspicious activity (access denied, off hours, or deleting/moving of a large amount of files).

Everyone in our organization has also been trained on IT Security best practices (password management, backups, phishing scams, etc.) and their vigilance contributes daily to the protection of our IT system.

No security measure, digital or physical, is fail proof.  However, even when dealing with a situation of a more open network to allow for remote working, adopting best practices for internal IT, using security solutions adapted to your organization, and educating employees about cyber security risks, allows you to minimize risks to an acceptable level.

Constant internal communication, rigorous individual and collective organization, preserving client and partner relations, and reinforcing IT security are the 4 principal ingredients for the re-organization of IS Decisions during this health crisis we are currently facing with COVID-19.

We have not reinvented the wheel, and we are by no means perfect.  We are simply doing our part to put in place best practices, and to come together as an organization to:

  • Adhere strictly to the confinement rules put in place by our government.
  • Ensure the continued operations of our business to maintain our services and respect our client obligations.
  • Protect the employment of our workers

Thanks for reading, and take care of each other!

The post Stay Safe but Stay in Business appeared first on Enterprise Network Security Blog from IS Decisions.

*** This is a Security Bloggers Network syndicated blog from Enterprise Network Security Blog from IS Decisions authored by François Amigorena. Read the original post at: