With so many companies transitioning some, most or all of their workforce to teleworking and the potential for severe weather over the next day or so, it’s likely that a number of organizations will start the day tomorrow with outages and connectivity problems. It’s a little close to the wire but we wanted to reach out with some quick thoughts on managing weather-related issues or outages.
- Appoint a person or small group as a primary point of contact for problems. Funnel all support requests and reports through that person or small group. With so many people working remote, it’s likely that large groups of workers will impacted by the same or similar events (e.g., everyone with Comcast is down, everyone with AT&T is down, everyone in Marietta is down, everyone in Calhoun is down). Having one person or small group ‘see’ all of the inbound support requests will make it easy to spot those patterns and if the issue can’t be addressed by the support team (e.g., a problem at the ISP), let those affected know and let the support team move onto an issue that they can address.
- Establish a primary and secondary means of communication for people to report issues. An example would be email as the primary (because it will be easy for the primary point of contact to organize and sort) and mobile phones as the secondary. Limiting incoming communications to one or two methods will make it easier for support personnel to triage issues. It is also important that your people know how they will be contacted by support and who will be contacting them. Attackers will use this as a pretext for attacks (phishing, vishing, etc.).
- Prioritize issues based on a clear, easy to understand matrix and communicate that to all of your users so that they can quickly determine and understand how their issue will be prioritized. Our internal priority matrix is below as an example.
| Description | Example | Priority |
|---|---|---|
| 1 User Impacted | – Computer is slow but usable – Some limited functionality | Low / Normal |
| Multiple Users Impacted | – Multiple users with limited functionality | Normal |
| 1 User down | – Single user completely unable to work (does not include high-value user or principal) | Normal |
| 1 User down | – High-value user or principal | High |
| Multiple Users Down | – Multiple users completely unable to work | High |
| Server(s) Impacted | – Server(s) running slowly | High |
| Server(s) Down | – Server(s) unavailable | Critical |
| Network Impacted | – Network running slow, some or all users affected | High |
| Network Down | – Network completely down, all users affected | Critical |
| Suspected Security Event | – User clicked phishing link, AV alerted on potential payload, etc. | High |
| Confirmed Security Incident | – Clear Indication of Compromise | Critical |
- If possible, establish an easy way for users to check the status of their issue (e.g., a company intranet, etc.) so that the support team isn’t fielding requests for status updates rather than working to resolve the problems.
Although our office is temporarily closed, Cyber Tech Cafe is open for business and we are working to support our existing customers as well as accepting new clients. If you or your organization needs IT Support, we’d love an opportunity to earn your business.