Recently, the world has taken the sweeping hit from the Coronavirus. The virus is highly contagious, and governments and countries have been doing what they can to prevent it from spreading. Cancelling conferences, closing down entire school systems, and instating travel restrictions are just a few ways the virus has been attempted to be contained.
On a local level, organizations are closing their offices and having employees work from home. During times of disaster, organizations have two major goals: to ensure employee safety and to maintain Business Continuity (BC) and productivity. In the current situation with the Coronavirus, organizations are going to shut down their offices with the goal of protecting their employees from being exposed to the virus. To maintain BC, employees will need to work remotely. This is where IT Asset Management (ITAM) gets involved. BC is facilitated by ITAM and its responsibilities along with IT Service Management (ITSM) playing a helping role.
Working from home requires employees taking home IT assets and having them operate properly. The trick to success is to make a Mobile Asset Management (MAM) program that will allow BC to flow as closely as possible to how it normally flows in the office.
Decide Who and What Can Work Remotely
When an organization decides to have employees work remotely, an IT Asset Manager has to get the facts. They must decide:
- Who can work remotely
- Who cannot
- What IT assets are needed for the employee to work remotely
- What IT assets the employee will need from the organization
Ideally, all employees can work remotely. However, this is not true. There are some jobs that will not allow an employee to complete their work responsibilities from home. The IT Asset Manager must make note of those who can and cannot work from home and why. For example, one employee might only need a laptop with Microsoft Office and access to the internet. This is fairly easy to get them set up to work remotely. In contrast, another employee might handle the design work of things and might require a high-end, expensive computer to operate along with printing equipment. The equipment and material needed to maintain the design quality and prints is not something that the employee can take home. They will be unable to work remotely.
The IT assets needed for each employee need to be decided. Some employees might only need a laptop with Microsoft Office and access to internet. Others might need access to a work phone along with specific programs like CRM programs. The IT Asset Manager is going to need to discover who needs what IT assets to fulfill their job duties. A way to simplify things is to view the organization by department. For example, the customer service department is likely going to need access to work phones and CRM programs. The marketing department might need access to programs like Adobe. Breaking things down by department makes it easier to know who fulfills what responsibilities and to figure what IT assets every person needs.
Even though each department might need different things, there are other aspects which all employees will need to maintain BC. For example, employees will need access to the cloud to continue uploading. These kinds of assets are something the organization will need to ensure all remote employees will have.
MAM Best Practices
When it comes to maintaining mobile assets, there are a few important things IT Asset Managers must do:
- Track assets: A major flood of employees are going to be walking out of the office with a large amount of IT assets. The IT Asset Manager needs to decide how to keep track of those assets. For example, an IT Asset Manager could have employees sign an agreement that they will be responsible for the IT assets before the employee leaves with the IT assets. The IT Asset Manager could also take extra measures to track the mobile inventories.
- Track data: Each one of those IT assets that have just left the building is loaded with valuable data and will be generating data during their time out of the office. The IT Asset Manager will need to come up with a way to keep track of that data. For example, the employee could sign a Non-Disclosure Agreement about the data they will have access to outside of the office. The IT Asset Manager could also revisit mobile agreements and make any necessary addendums to what was established. Essentially, policies are created to control the actions of people. Policies need to be reviewed and addressed internally to ensure they cover a widespread event such as what a large portion of the world is currently facing.
- Understand roles and responsibilities: The IT Asset Manager cannot possibly track all of that data by themselves. Due to this, they must decide what is worth tracking and what data is the highest level of importance. For example, data from executives is going to have the highest level of importance. A level down might be data from the financial team or customer service team since they have credit card information and other client sensitive data. This data needs to be protected to maintain compliance, and if it is leaked or hacked the situation becomes extreme and damaging. A level that might not even require strict tracking is data from the design team. Their data is typically geared for the customer, so if that data is leaked it is not really too harmful for the organization. If the IT Asset Manager is not sure if data is worth being tracked, they can perform a Risk Assessment to help them decide.
- Educate and train: With all of the information provided above, none of it will help if the employees are not trained or informed on how to handle their mobile asset and data from home. For example, the employee is letting other family members use their mobile device. Though it is seemingly harmless, it is a violation of data security and can lead to serious consequences. This is something that the employee might not even realize is a security risk, so it is important for the IT Asset Manager to keep the employees informed on what behavior is acceptable or unacceptable regarding the mobile devices and why that behavior is acceptable or unacceptable.
- Ensure the rights: The IT Asset Manager needs to ensure that the organization can track and has rights to the mobile data. This comes into play with a Bring Your Own Device (BYOD) asset. This means that the asset is personally owned by the employee, but they perform work duties on it. Executive devices are frequently BYOD. A device that is BYOD can even just be a personal phone that gets work emails on it. If the contract or policy language does not give the data rights to the organization, the IT Asset Manager will need to make an addendum giving the rights to the organization.
While these practices protect the IT assets and data, they also protect the overall organization.
Understand Corporate Impact
IT Asset Managers need to be aware of what all the temporary changes would entail to the organization. They need to consider how the organization is affected from having employees work remotely. Is productivity going to decrease? Is BC going to take a dive? Another thing to contemplate is how data security and data integrity is being maintained. What precautions is the IT Asset Manager taking and incorporating to protect the data? What data is going to be exposed to more risk than others? How is data integrity going to be maintained? What can the IT Asset Manager do to keep data integrity high? Understanding these impacts will allow the IT Asset Manager to properly build and adjust their MAM program to optimize BC and productivity.
Forming strong MAM best practices to maintain BC and productivity is the best way for organizations to flourish during the Coronavirus. Though the virus is causing the massive work-from-home initiative, it will not last forever. IT Asset Managers just need to bear with it for a little while longer. This event has forced IT Asset Managers to be prepared for other disaster events so when the next disaster occurs, they will be ready for it.
Ducklin, P., & Vaas, L. (2020, March 6). Remote working due to coronavirus? Here’s how to do it securely… Retrieved March 10, 2020, from https://nakedsecurity.sophos.com/2020/03/06/5-tips-for-working-safely-from-home/