IT considerations for your work from home staff
Work from home is here to stay, but don't allow bad IT policies to create cybersecurity issues and productivity issues for your company.
Technology Enablement
Everyone already knows how important technology is to their business. You just can't run without it theses day. Everyone is connected, all the time, to the internet, email, Teams, Slack, cloud enabled apps and so much more. That makes the transition to work from anywhere easy for many companies, but even with the easy access, there are several considerations for technology enablement.
- Will your employees access data from a personal device or a company-provided device?
- It's important that you keep control of your data, and stay compliant. For instance, if someone access medical PII data from a home computer and saves a simple PDF, they may have just created a HIPAA violation if that same computer and username is shared with other members of the house.
- Will your employees make outbound calls from personal cell phones or will your phone system allow remote work?
- If your employees are calling from random numbers, will that hurt brand recognition or customer services? What happens when people start calling direct cell phones instead of your main office number? a proper VoIP phone system can help fix this and allow you to maintain control over communications.
- Do employees have adequate equipment to work from home? Monitors, Keyboards, Laptops, Desktops?
- Does your firewall/router allow for VPN (Virtual Private Network) access?
- Without a secure connection, your putting data at risk. Also, an improperly setup VPN can create huge cybersecurity issues.
- Will your staff access data via Remote Desktop, VPN or both?
- Open Remote Desktop connections are a huge NO-NO, this creates a cybersecurity issue that is often exploited by bad actors.
- Will your business applications run properly and efficiently through a VPN?
- Certain applications just don't run well over a VPN. QuickBooks is the biggest offender, and while it works fine with remote desktop, trying to run it directly over a VPN is painfully slow.
- Can your IT support (i.e. vendor, employee, etc) assist with issues remotely?
- Many IT Service providers have a hard time properly providing support at home, or helping guide you to secure solutions for your home users. We often extend our CyberCare service to the home environment, keeping your company more secure.
Communication
- How will important decisions, updates, and working guidelines be communicated to employees?
- We recommend a program such as Microsoft Teams or Slack to enable employees to communicate effectively. Employees can communicate through instant messaging via these programs and many can be integrated into your phone system if you have VoIP.
- How will ingoing/outgoing phone traffic be handled?
- With the right VoIP system, employees can take their desk phone home and plug into their home router and see no disruption. Call traffic will flow exactly as it did when physically in the office. Most VoIP providers also provide a “soft app” for their users to allow their cellphone to receive company phone calls, as well as mask outgoing caller IDs to show the business phone numbers rather than the personal cellphone number.
Security
- Are all devices that will be used for a remote function being properly secured to ensure data security?
- We often find many users working from home, on personal computers, with out of data patches and anti-virus. This creates a huge cybersecurity hole in your organization, and in fact, in the early days of WFH many companies got hacked because a home computer was hacked, and then connected to a company VPN, allowing hackers access in a more trusted manner.
- Are there any industry regulations that you need to consider? (HIPAA, FISMA, PCI, GDPR, etc)
- regulators don't care that you have work from home employees - all that data has the same rules and restrictions. If you don't have the proper cybersecurity and policies in place, you can face fines and public embarrassment from an improperly secured device.
- Are company files and data secure?
- Companies tend to build a 'walled garden' around the physical office location. High end firewalls and services help to secure the servers and work computers, but then it's left wide open on those home and remote computers. Will you update staff firewalls? How do they make sure they are maintained? Do you have proper email security in place that extends to phones and home devices? What about Multifactor authentication (also called 2FA or MFA), are you requiring that on home computers? Will you extend your endpoint security software to home and remote users?
- Have you set a schedule for Updates/Patching?
- Basic cybersecurity is often automated or outsourced in the office, but what about at home? Will you trust home users to patch and update all their software? How do you prove it? Don't forget, regulators don't care if it's at home or at work, if it's used to access regulated data, you have to keep it compliant.
- Have your employees received training on data security while working remotely? If not, we’ve provided a template to provide your employees. Click here to download.
Policy
- Do you have a remote work policy in place?
- It's important to make sure staff are following your policies at home, and if you don't define HOW they can do that, you risk con-compliance.
- Is your remote policy written and acknowledged by employees?
- Make sure they sign your policy and you have a way to verify if it's enforced. For instance, if you want to make sure patching is done properly and Anti-virus is up to date on a home PC, how will you check and verify that? We recommend extending our CyberCare policy to home computers, so we can verify and PROVE it for you.
- Do you have employee training in place to identify email phishing attempts?
- a vast majority of hacks (as much as 90%) start with email and social engineering. If a hacker can get a worker to click a bad link on a less secure home computer, it's easier to get and maintain access. Then when that user brings the laptop to the office or connect to a VPN, the bad guys have access to the rest of your network.
- If you don’t have a remote work policy in place, we’ve provided a template that you can modify to fit your business. Click here to download.
Downloads and Suggested Apps for Work from Home:
- Check out our new Microsoft 365 Tips and How To Page
- Video Conferencing: Teams or Zoom
- Remote Communications: Teams or Slack
- Remote Phone Systems: VoIP
- Task Management for your Team: Microsoft Planner, part of O365
Helpful Documents: