Work from Home: Strategy or Wishful Thinking?

When contemplating Business Continuity strategies, one of the foremost scenarios to consider is (and should be): what if the building is not accessible?

Twenty years ago the only viable answer would have been to transfer people to an unaffected building (or to a predetermined 3rd party ‘work space’).  Ten years ago, forward thinking IT departments began supplying critical employees (mostly their own) with tokens or other secure devices to enable them to gain access – via the Internet – to the organization’s and thereby to the applications and files they needed to work.

Today, many – if not most – employees can access their email on a mobile device, and log into the corporate network remotely.

That fact leads directly to the assumption that, if the building were not available, everyone can work from home.  Unfortunately, that assumption can often be mistaken.

Access vs Security

An employee who can access their corporate email from their phone or other mobile device usually can usually do so because he or she has been provided with authentication credentials which enable access to that single account from that particular device.

Assuming that same employee can work from home may be an entirely different assumption.  Do they have a company laptop they take home at night – or would they use their personal desktop (the same one their spouse uses for web surfing and their kids for online gaming)?  The latter poses a security issue due to lack of control (virus scans, OS and application updates, etc.)

Likewise, authentication (assuring that that remote device belongs to and is being used by the authorized person) is not insurmountable – but is not something that can be provided to large numbers of users quickly.  If not planned and implemented in advance, use of AD (Active Directory) or other authentication will cause set-up bottlenecks in the early (and more important) hours of an outage or disruption.

Traffic Volume

One of the most safe and secure means of providing network access is via VPN (virtual private network).  This too is not something implementable on the fly.  VPN capacity may all be an issue.  VPN’s work well for the occasional or permanent work-at-home users, but may throttle throughput or heavily reduce response times if not properly sized for the anticipated traffic volume. VPN’s are also not free; they may not be cost effective for “all employees” use.  Budget becomes a consideration – resulting in the potential rationing of VPN access based on criticality (or other more arbitrary means) and a potential drag on productivity.

Adapting to a Changed Environment

As someone who has worked from a home office of more than 10 years, I know there are significant differences between corporate and home working environments.  While a short term stint at the dining room table may seem acceptable, long term needs make that impractical or unworkable.

  • Unless an employee has a dedicated (read: distraction-free) workspace, the home environment presents challenges.  Even with ‘rules’, family members assume a special dispensation to interrupt; and interruption are often just the sounds of normal life.  Working at home also presents temptations (napping, long lunches, TV etc.) that are easier because no one “in the office” can see the behavior.
  • What about equipment?  Employee will need either a PC or laptop (with an acceptable internet connection and a minimum OS).  Whose responsibility is it if they don’t have them?  What about a printer, scanner, or software that must necessarily be loaded on their desktop?
  • And then there’s collaboration.  We collaborate with others throughout the workday.  Often we don’t realize how often it occurs, or how important collaboration may be to getting our jobs done.  How will employees collaborate?  Conference calls, WebEx or collaboration software?  Those should all be planned in advance (especially the latter)

Adequate Testing

Nothing is a “strategy” until it’s been validated (otherwise, telepathy and invisibility would be strategies).  Testing home access one employee at a time verifies connectivity – but not productivity.  Run an exercise with a larger group – even if only for an hour – to test mass accessibility and its impact on response times.

If you really want to validate the strategy, let a team or selected workers work from home for a week and debrief them afterwards to determine what ‘tweaks’ may be needed to make work-from-home more productive (or at least more sustainable).

Just planning to shift office workers to their homes, and expecting a manageable, productive workforce, is wishful thinking.  But with some planning – and perhaps some expense – work-from-home may be a viable recovery strategy for your organization.

SHARE:
Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…
Threats, Impacts, BCPs

Threats, Impacts, BCPs

Within Business Continuity circles there is ongoing debate about the…