Do you have employees who want to work from home or need to be able to work remotely when away from the office? Remote working has increased dramatically over the last decade with 4.2 million UK adults regularly working from home last year.
This is especially true of more senior positions, 1 in 5 managers frequently work remotely, and more employees would like to join them. Offering remote working has become an important element of employers’ recruitment and staff retention strategies and it’s not only beneficial for the employee; reports suggest that 30% of office workers are more productive when working from home so there are compelling reasons for organisations to adopt remote working practices.
Key considerations for a remote workforce
Of course digital technology has been the driving force that has enabled this level of flexibility. VoIP services, virtualisation and other Internet delivered services have allowed employers to offer their staff the opportunity to work remotely, or to recruit new employees potentially anywhere in the world.
However, there are business critical factors that must be addressed if you are to allow staff to access your business systems remotely. Here are our recommendations for devising a robust remote working strategy:
IT policies for remote workers
It is essential that you consider the implications of allowing access to specific systems and data remotely, and take all necessary steps to protect business critical information. This might mean limiting what activities can be carried out remotely, such as processing sensitive data, sending documents electronically, financial transactions and so forth. Clear policies must be in place to ensure your remote workers understand what they can and cannot do, and the reasons why.
Working in public places is also something that must be addressed in your IT policy document, and guidance given for employees. This is particularly relevant for anyone working away on business, who might be using hotel or coffee shop Wi-Fi services. Homeworking staff should also understand why popping out to work in their local Starbucks might not comply with your IT policies and if they do what the implications could be to the business – Man-in-the-middle (MITM) and spoofing attacks, network sniffing etc.
Remote access to your network
To enable employees to work effectively and productivity remotely, it is likely that they will need access to their email, company files and other systems, such as project workspaces, customer databases etc. This can be achieved using Virtual Private Networks (VPN), and allows access to an organisation’s private network services over the Internet or a service provider backbone network. Organisations can either purchase their own VPNs and manage these internally, or outsource to a managed service provider who will set up and maintain this for them.
VPN creates a secure link between your business network and your remote employee’s laptop or mobile device, as if they are plugged in directly to your business’ network. Users first connect to a Network Access Server (NAS), also called a media gateway, using the Internet. The NAS requires the user to sign in and then validates their credentials before allowing access to the VPN.
To use the VPN the user also needs client software installed on their computer or mobile device, this sets up the connection to the NAS. Most operating systems have built-in client software but some VPNs may require a specific application. Data sent via a VPN connection is encrypted so it cannot be intercepted, however it is still important to evaluate the potential security risk to your business when using VPNs.
For example, remote workers need to take precautions to ensure that if their computer or mobile device is lost or stolen, your business network cannot be accessed because of poor password hygiene. Or if they’re accessing your network in a public place, they must take reasonable precautions to prevent other people from seeing sensitive information.
You will also need to decide whether employees can use your VPN on their own devices, such as their mobile or home computer, or whether they will need a company laptop installed with your preferred security features – firewall, antivirus (spyware and malware), Anti-Spam, email attachment scanning, Unified Threat Management (UTM), link protection etc. If they are to use their own devices what additional security measures can you offer them?
By Ian Davies, managing director, Liberty-i