Business Continuity does come with a cost, but when compared with the cost of loss of work and diminished productivity amongst your teams, the cost is subjective.
If you haven’t already invested in the proper networking infrastructure through hardware and software, you’re about to invest it now. It’s a good thing, with the current state of the world in March of 2020, that many services that provide these solutions took the high road and decided to provide their services for free for a while as a form of advertisement, rather than engage in price gouging.
We’re going to have to consider a lot here, in this blog post: financial ability; size of your workforce; needs of each user; user access rights; technology requirements; legal requirements for handling of data; and time required for implementation.
Well, it depends. See the litany of other topics to go over in the opening? We’re actually going to have to cover all of those one by one to help get an understanding of what you should be budgeting for.
There’s the basics, like how many people, what sort of bandwidth, etc. that all obviously scale cost with size. But, depending on the sort of work you do, you may find yourself held to legal requirements that are going to invoke additional equipment costs you might not have expected. Or maybe you have a complex security structure for your own reasons, and handling that remotely is going to invoke additional time in testing and setup.
Since you know, as a responsible business owner, that time, resources, and money are basically interchangeable concepts (having more of one will eventually mean more of one or both of the others when spending it), you’re going to have to plan around each in turn, and allocate them appropriately.
Well, let’s counter with another question. Do you need all those people to work remotely?
A knee jerk with COVID-19 being the latest in “reasons to work from home” is to say, “Yes! Of course! Are you insane?!”
And, well, maybe, but for different reasons. 1-3 people in an office, depending on its size, who wash their hands, keep distance from one another, regularly wipe down their desks, and remember to cover their mouth when sneezing and coughing are going to significantly mitigate the risks involved.
Consider that before you just send everyone home. Also consider that some personel are convenient, not required. And, as always, consider the personal needs of your workforce. Schools are being closed right now. Some people will need to work from home to care for children at the same time. Still others will need to work from home for financial or familial reasons, such as an older person living in the home.
So, now that you’ve sat and thought about how many people, we can talk about how.
But only after we make sure we know they can still do their jobs.
Consider the most complex requirement in the company. Usually, this is the CFO or CEO, depending on if the CEO will touch financial software. They need access to all the things, usually. Any files, any ability to scan documents, access to utility emails (ex: firstname.lastname@example.org, email@example.com), any applications, especially financial, etc.
If you can take the person who definitely needs access to everything, and make sure they have that access, everyone else is going to be the same process, but with fewer steps.
And maybe you actually do have the CFO able to work from home, or anywhere with an active internet connection. But you’ve bought a single license of GoToMyPC or something similar, and those are kind of expensive. Are you going to have to spend that money for each and every person who you need to work remotely? Are you going to need to manage a huge multi-user account for a service like that?
You can. If it’s a “I need this to work exactly right now” solution, that’ll work. It’ll be expensive, but it’ll work. That is, pending you have the bandwidth to serve the number of desktops you need to with that software. Remote control software can be, but not always, network intensive.
Excellent question. First, take a look at this overview of security I’ve already posted about.
Then, ask yourself the question, “Am I willing to allow my users to access company data on a personal device?”
If the answer is “absolutely not” (and I don’t blame you), you’re going to need to provide a company issued laptop or tablet for them to work. This means, at minimum, a technical investment in each employee you want to work remotely of $400-500. And that’s not counting what you’re going to pay an IT team to set the laptops up, nor any software you’ll be licensing if the need arises.
After you’ve got the device under control, you can ask an experienced IT team to please ensure they have the same access rights as they do on their desktops at work.
If you cannot afford, or do not care about letting people bring their own devices, figuratively speaking, there’s always setting up remote access to the desktops themselves. Though, even then, the ideal setting is to have the device the user is engaged with for work belong to the company.
Both solutions, though, require hardware and software infrastructure, which leads us to our next question.
Consider, first, that there’s more than one way to do this.
Tax exempt organizations, for example, can get a free Teamviewer license for a large number of computers and set up unattended access that can be secured with two-factor authentication for every single PC in a building with nothing but a lightweight client on both ends of the transaction.
You may want to, instead, use built-in Windows remote desktop sessions. And before any IT people reading cringe, no I am not going to suggest we just open port 3389 and let the world in. Never would I ever suggest that.
What I am going to suggest, though, is an encrypted VPN via some sort of on-site appliance (usually the router or a dedicated server) to connect any given device to the office network and then use the built-in Windows remote desktop session.
Either way, you’re going to have to assess each solution, its capacity, and then implement it and test it.
You may also need to make a call to your ISP and politely ask them to increase your internet speeds in return for additional money every month. Given most company resources are on-site, the internet isn’t used to do most work and you may have had a “good enough” internet speed. Well, now your work is all remote, and you bought a (proverbial) door meant to handle maybe 10 people passing through it every minute, and now it’s got 100 people passing through it every few seconds.
You need a larger door. Or, in this case, a faster internet connection with more bandwidth.
This is more for people who handle extremely sensitive data. Medical professionals, and financial processors, this is your section.
HIPAA and PCI compliance are to be taken seriously. First, you should be following the best practices for both to keep clients safe for its own sake. Second, unless you just have spare money to toss at legal fines, it’d be good to avoid those.
How do you ensure you’re following best practices?
Company controlled devices are the safest bet. Especially if your IT team has remote device management that means they can effectively repossess data at any given moment (usually through a remote wipe of a device).
Then, both the PCI and the HIPAA websites have a complete list of guidelines for remote employees that you can refer to. In short, your IT team should already be familiar with PCI and HIPAA requirements, and have the resources on hand to ensure any remote work solution falls within them. But if for some reason they’re not (How?!) that information is quickly and easily available for you to throw on their desk and ask them to read.
In short, at least a week. You will need to:
Each of those things is easily 1-2 full 8 hour days of work. So it could, if your company is small, take a few days. Maybe something easy like Teamviewer works for you. Great!
But maybe you’re huge, and you have to budget time for 100+ users. Always consider that it will take at least 1 hour to implement and train on a solution per user. And that’s even if you sit everyone down at once to train them in bulk. Not everyone will understand, not everyone will absorb, and not everyone will deploy flawlessly.
This is often the part that will bring any given project to its knees. No one planned on training 20 people to use this, some of whom are absolutely not technically inclined. Users are, in short, unpredictably difficult. And given we know this, we intentionally over budget time.
Because if you under budget time, you’re going to hurt really bad over implementation and training. Everyone is going to be stressed, and less work than you thought is going to get done. If you over budget time, people just get back to work sooner than expected. Gosh. What a travesty?
I think, now, that we’ve taken the very necessary looks at all of the
requirements for even beginning to add this up, you can start to make the
determination and answer this ever critical question.
Business Continuity does come with a cost but it will work, and you will
have an infrastructure you can use not just when there’s a national emergency, but if someone just sprains an ankle.