Does Your Company Need a Work From Home Policy?

The use of remote access has skyrocketed as a result of the coronavirus epidemic. Many businesses are finding it lets employees connect more easily. They will want to keep it in the cases where it works best.

Remote access has to be done right to produce good results. If it’s done haphazardly, productivity and security will suffer. Employees will complain about inconsistent treatment. What’s needed is a comprehensive, fair policy. It will let employees know what their company offers and what is expected of them. A good remote access policy gives management and employees guidance in unusual situations.

 


 

Eligibility

Not every kind of job lends itself to remote work. Some tasks require an on-site presence. Some employees need to work at the business location to do their jobs well. Management may not want to trust inexperienced employees or ones with poor records to work remotely. A consistent set of criteria is necessary to avoid accusations of unfairness. If some people can’t use remote access, they deserve to know why.

Sometimes remote work doesn’t work out well, and it’s necessary to withdraw authorization. Again, it has to be done according to clear rules, with a way to handle disputes. Family situations, Internet connectivity, and the requirements of the job can all be considerations in whether remote access is a viable option for an individual.

Equipment

The equipment for remote access needs to live up to certain standards. If the connection is too slow, work will be frustrating. If a device is too old for proper support, it’s a security risk. A company can let employees use their own computing equipment or lend its machines to them. Issuing equipment to employees is more reliable but more expensive.

Providing employees with equipment requires setting clear terms. The devices have to be returned in good condition when requested. Employees may have to cover them with their household insurance, in which case the company needs to compensate them. Any restrictions on personal use need to be clear up front.

If employees use their own equipment, the IT department should review it for suitability. If it’s too old to run modern operating systems and applications, it will cause problems. Not only will it fail to run required software, it could have security issues that can’t be patched. Any equipment which connects to the company network should meet some reasonable standards.

Software

For the same reasons, the software needs to be trustworthy. It has to be regularly patched, whether by local auto-updating or by being pushed from the company’s servers. There should be a requirement for anti-malware software on machines that access the network.

In many cases, those machines will need to run software under the company’s license. Issues of license management may come up, and there might have to be limits on personal use. The employees need to understand that the software is on their computers only at the company’s discretion and could be removed when the situation changes.

Internet connection

Employees need a reliable Internet connection to do their jobs remotely. If employees are just working on files that they upload or download, the quality isn’t critical. If they’re expected to participate in video conferences, the connection’s reliability and bandwidth become important. Speed is less important than consistency; if an employee suffers from frequent dropped connections, real-time communication will be difficult. The policy should include an acceptably consistent Internet connection as one of the eligibility criteria.

Outside devices need to come in through a VPN to ensure security. Employee computers, tablets, and phones should have suitable VPN software on them, with instructions to employees on how to connect. The policy will specify that all network access must go through the VPN.

Some people like to work from libraries or cafes, which may be quieter than home. Public Wi-Fi is insecure, but it doesn’t matter so much if all traffic goes over the VPN. Whether the policy can allow the use of public access points depends on how stringent the security requirements are.

Data protection

Confidential data on portable devices and home computers is a potential problem. The remote access policy needs to require employees to protect any sensitive data in their possession. It should mandate encryption and password locking for all devices that go off the premises.

The best protection is not to have files on off-premises machines at all. Shared documents that are viewed and edited online pose less risk. The policy should state whether employees are permitted to store sensitive data on their machines. Keep in mind, though, that cache files could store data locally without the employee’s knowledge.

Strong passwords, access keys, and two-factor authentication keep accounts safer. The policy should specify authentication requirements for employees who handle sensitive data.

Termination policy

Employees sometimes leave their jobs, and not always on good terms. Their obligations need to be spelled out. They may no longer access the company’s systems unless special arrangements are made (e.g., they are continuing as contractors). The IT department needs to know how to handle terminated employees. Is their information going to be archived or just deleted? Do they need to return any devices? Does software need to be removed from machines that they own?

Handling employee terminations is always one of the most unpleasant parts of running a business. A policy that is as clear as possible helps everyone to get through it.

Summary

Working through remote access involves many considerations. Information needs to stay secure. The equipment and the Internet connection need to be up to snuff. Special software may be necessary. Not all work can be done remotely, and not all employees have the temperament for it.

A policy that covers all these issues makes it easier to manage remote access without harmful errors. It provides a ready source of answers that won’t vary from one manager to another. Relying on it avoids mistakes and leads to better business decisions. In brief, remote access based on a clear policy lets a company work better.

White Mountain IT is ready to help you with your IT strategy in a changing world. Contact us for a consultation.

Related Posts