Preparing for a sudden Covid19 Delta Lockdown in New Zealand

17 Aug 2021 | News, Security, TIPS TRICKS AND HINTS

Every week that we don’t go into lockdown seems like a blessing. It can only be a matter of time before NZ is thrown back to a tight, restrictive lockdown.

If, as we read yesterday, every Covid case coming in through the New Zealand border right now is infected with Delta, and if there is one mistake in MIQ, then this pandemic gets back into the community. When that happens, as we’ve seen in Australia, the government will have no choice but to put us into an immediate and severe lockdown.

You might have a few hours of warning only. Every day when you and your colleagues leave your workplace, it is worth thinking that you might not be back tomorrow.

We think this is a question of ‘when’, not ‘if’. So, now is the time to get ready.

It’s easy to say, “well, we got through these last year so we can do it again” but some things have changed.

  • Some of your staff have changed.
  • Some of your systems have changed.
  • Data privacy requirements have strengthened.
  • Cyber-security is more adverse.
  • The next lockdown will be tighter than the last, and quite likely it will be MUCH longer than previously experienced.
  • Now that we are supposed to be ‘old hands’ at dealing with a lockdown, the people we interact with will have higher expectations about their experience dealing with us in a future work-from-home situation.

People are more used to working from home, and the tools have improved significantly since last year. Nevertheless, we think it’s worth checking in, and applying the lessons learned.

Lesson One. Every day, every staff member needs to be ready to work from home.

If they use a laptop, they need to take it home every day. Check it works still at home. You might have updated the laptop or your WiFi or some other aspect of your environment. Now is the time to check that it still works as you expect.

  • If they were using their own home computers, are they powerful enough to run the software you need them to use – dual or triple screens, speed, processing capacity etc. Your software may have changed, and their PC may have changed.
  • Do your staff have a plan to mitigate distractions from partners, family, pets, and external noise?
  • Have your staff tested access and practised how to work remotely?

Lesson Two. Can they work securely?

Regular readers of our articles will know our concerns about the increasingly adverse cyber-crime environment.

During the last lockdown, we saw a marked increase in hacking. A lot of organisations were more vulnerable than normal because their people went and worked from home, using home internet connections and home PCS. If those PCs are used by other family members, the greater the risk of being infected with malware increases. If the connection used to access office systems wasn’t a secure SSL or VPN connection, it was more vulnerable (and not all VPNs offer the same levels of security). We remain adamant in recommending use of multi-factor authentication (MFA) for all remote connections.

What should you do?

  • Keep ALL your active IT systems up to-date
  • Old PCs get set up temporarily during lockdown, are a point of vulnerability.
  • An old Wi-Fi point , especially one left with its default password, can be connected to by a hacker and used for access – these are surprisingly common in homes. Likewise any home automation products connected in people’s homes with default passwords are an open door to hackers.
  • Any home machines that are used to access your business systems are equally vulnerable if not locked down. This is especially true if it is shared with other household members?
  • Does the VPN still work, and is MFA in place in EVERYTHING? We know that MFA is a nuisance, but every week we see examples where MFA saved an organisation from being hacked.

Any old equipment, no matter how trivial, is a potential vector for a bad-actor to exploit.

All equipment, no matter how minor, needs to be maintained and kept up to date. That means it needs to be under manufacturer support, and the manufacturer updates need to be applied, and you need visibility of this in regular reporting.

Regular checks, and regular reports, make sure this asset management is kept maintained, and your system is kept secure.

The lockdown meant most of us got a deep dive into video meetings, and the two most common tools we all saw were Zoom and Teams.

Both of these share similar characteristics and our tips for Video calling security are :

  • Keep your software up-to-date.
  • Use the ‘lobby’ features for external meetings to allow you to curate how is joining your meeting (avoid ‘zoom bombing’ – where your email invitation is shared further than you expect and unknown people might get the link and use it to join your meeting uninvited) – making everyone use video might consume data but is also gives you a visual verification that the people you expect to be on the call are the only ones there.
  • If your people are doing video calls, what is in their background images – is it appropriate?
  • In Zoom, use the password feature.
  • If available, use MFA.

We recommend having all active IT devices on a proactive support plan such as KARE, and regularly reviewing the list of devices under contract to ensure it stays current.

Finally, do your people ‘act’ securely?

  • When was the last time you briefed your team on security risks?
  • If your team work on confidential data, either the organisation’s proprietary data or individuals’ private information as defined under the updated 2020 Privacy Act, can they work in a secure manner so other members of their household can’t see content that should be secured?
  • Are they using discrete, complex passwords for everything? A password vault, like the KARE Password Vault or as part of the KARE for Security S2 plan is vital.

Lesson Three. Check your phone calls are still able to be answered, and calls transferred, by people working from home.

We’d expect this is straightforward, but again it is worth testing if you have changed your phones, your telco provider or any of your call handling staff. Check they have working headsets at home so they can take calls comfortably, and confidentially.

Lesson Four. Can you handle logistics – couriers, stock items and products

Supply chains have been stretched to breaking point. If you are locked down, and you need to get product to your workers, do you have current addresses and delivery instructions. Some will have moved house or had changes in personal circumstances.

Don’t take it for granted that what worked last year is still suitable.

Lesson Five. Don’t take Culture for granted.

One of the big lessons from the last lockdown was how employee satisfaction was challenged. Report after report showed this was widespread. People quickly become frustrated with their situation in these lockdowns, and they translated that into all sorts of elements that make up their daily experience – not least being their job.

  • How will you maintain your company culture and staff connectedness in an extended lockdown?
  • We used to tell people not to take their work home with them. Clearly in a lockdown we’re asking the exact opposite.  Do you have a clear delineation for your people between work and home when they are working from home?
  • Can you provide time management training to ensure staff are as efficient as possible and know when to switch off for the day?
  • How do you ensure that communication isn’t misinterpreted?
  • How do you reduce the risk of social isolation for workers who may not have connections outside of work?
  • How do your reduce the risk of organisational isolation where team members may not have
    equal access to information?
  • How will you manage performance, coach, and develop your team while working remote?

Lesson Six. Health of your team.

We’ve learned that health is as much about mental well-being as physical. If someone is becoming tired or depressed, it can be a lot harder to pick up the symptoms remotely. We recommend regular check ins and being hyper-sensitive to the needs of your team. It might be that you adapt some exercises to work remotely, highlighting the online experience. For example, get each team member to show something unusual about their home, or play an online game together.

The physical health of colleagues will be at the front of people’s minds. Encourage everyone to follow the rules set by the Ministry of Health:

  • Scan the Covid QR codes.
  • Get the vaccine.
  • If anyone is unwell, isolate and if anyone presents with Covid symptoms, get a test. If your people are unwell, can you support their family in anyway?

Lesson Seven. Does your organisation need to stall?

What work can you still do during lockdown? We’ve been encouraged by the number of clients telling us they simply can’t afford to stop and wait for ‘normal’ to resume. They have projects that need to be done.

We’re working with a number of clients to make sure projects can continue. Whether that is a FlightPlan discovery exercise to plan ahead for the next year, or completing a digitisation project, or continuing a change management programme, it turns out that many of these projects can continue remotely.

If you have plans, and the associated deadlines, you will be surprised how much of this work can continue through a lockdown.

The world need not stop!