How To Set Up Employees to Work From Home
With a number of confirmed cases of COVID-19 in Florida — including two residents of the Suncoast — safety protocols require that a number of people are now being “monitored” and many others placed under quarantine in order to prevent the spread of the SARS-CoV-2 virus that causes the disease. One major difficulty with this disease is that early signs aren’t much different from the flu or even the common cold, which is why the Centers for Disease Control officially advises employers to:
- send people home at the first sign of respiratory symptoms
- actively encourage sick employees to stay home
- maintain flexible policies that permit employees to stay home to care for a sick family member
Some people who aren’t coming in to work are actually unable to work due to their illness. But others whose symptoms aren’t severe or who are staying home because a family member is sick could be productive if they had access to the right tools.
Office Workers vs. Remote Workers
Remote work isn’t particularly new. In some industries, it’s becoming more “rule” than “exception.” This includes tech, where companies like Automattic operate with an entirely distributed workforce.
And this means that lots of tools have been created to facilitate working from home — or anywhere else, for that matter. If your business or organization has made the transition to these kinds of tools, which typically operate “in the cloud,” then it’s easy to see how one or more people could work from home.
But what if your work environment (or a particular job function) requires access to resources on your network that are only available in your office?
Many traditional business networks are configured exactly this way — your security and other protocols are designed specifically for an onsite workforce. Each employee uses a computer that is owned and controlled by the employer, and which has (hopefully) been configured by the employer to certain standards.
When someone needs to work from outside the office, however, things start to get fuzzy. Perhaps the employee will be using his or her own computer. Maybe that computer is protected from viruses and other malware, but maybe not. Perhaps most importantly, how will that person gain access to the resources they need in order to do their job?
Considerations for Remote Work
“At minimum, employers should ensure that they are using a business-class, VPN-capable firewall or security appliance at the office. Remote workers would ideally be using a computer owned and controlled by the organization, but a personal machine belonging to the employee could be used if properly configured.
Some situations will call for an employee to remotely control a dedicated computer at the office. This also requires more security than people often think — especially given the number of security vulnerabilities that were discovered in “remote desktop” tools over the last year or so.”
When an employer wants — or needs — to allow people to work from home, there are a number of factors to consider. Since we focus on technology, we’ll steer clear of some areas that are better addressed by HR or legal.
When it comes to technology, the considerations tend to fall into a few neat categories:
- User Authentication
Let’s walk through those briefly.
We’re all familiar with the many joys of usernames and passwords. Long ago, many organizations adopted tools to allow for “single sign-on” (SSO), which was envisioned to allow for centralized administrative control and to theoretically cut down on the number of usernames and passwords any given employee might need to remember. By far the most common such system is Microsoft’s Active Directory, which is typically implemented via a “domain controller” — a server that runs special software from Microsoft.
If your business uses a Microsoft Server, there’s a good chance you’re using Active Directory to authenticate users and permit them to access the computers, files, printers, and other resources that your business uses in its day-to-day operations.
If you’re not using Active Directory on a server in your office, then you may be using cloud tools like Google’s G Suite or Microsoft’s Azure Active Directory to handle user authentication. Or you may have a mishmash of logins for every employee to keep track of, which makes controlling access and permissions a very messy affair.
Certainly user authentication is a component of security. Allowing people who sign in to your network who should have access while simultaneously blocking people who shouldn’t get in is critical for security. But there’s much more to security than just user authentication.
The news has been full of stories for quite some time about organizations that have been hit with ransomware, had data breaches, and experienced other incidents which have shut down their operations or exposed them to scandal and high costs in the form of data recovery or lawsuits.
Protecting your network goes beyond just properly authenticating users. You need protection from attackers, and you need to keep your intellectual property, data, and finances secure.
Data breaches are often the result of security incidents. But keeping your business secrets safe goes beyond security. You need to protect not only your proprietary data and methods, but now more than ever you must also protect confidential personal information — whether we’re talking about sensitive things that HR knows about your employees or data you’ve collected about your clients.
Depending upon where you and your customers are located and exactly what kinds of data you collect, you may be responsible for compliance with regulations such as Europe’s GDPR, California’s CCPA, or the many other State and Federal laws — including HIPAA — that govern the use and release of personal data.
Which of your staff members access this kind of information? How is it stored? To whom do they send it? And who else can see it while it’s in transit?
These are all issues of privacy that come in to play and can be dramatically different when people work from home rather than in your office.
Certainly your workers need access to existing data. Does your business use a file server in your office? What about a database server? If so, then access to your data sources may require that your remote workers remotely control a computer on your network — such as the one they normally use when in the office. Alternatively, a virtual private network (“VPN”) may be an option. With a VPN connection, your remote worker’s computer can function effectively as if it were plugged into your office network. Depending upon how it’s configured, the VPN allows your worker to access all the usual network resources, including servers and even printers.
But access to data is only half the battle. What about data that your remote workers create?
If your workers save files to their local machines, then where will those files be backed up? Documents, spreadsheets, presentations, and PDFs are all common examples of the kinds of files that employees may typically create or edit on their local computers. If the computer they’re using is not attached to your network, then usual backup protocols may not work as expected. What processes will you put in place to ensure that the fruits of your remote workers’ labor isn’t lost if something happens to devices that are not under your direct control?
Common Requirements for Remote Workers
The details will vary based upon specific requirements, but a typical setup to accommodate employees working from home might include:
- A business-class, VPN-capable firewall or security appliance at the office. This is not to be confused with the consumer-grade routers commonly available from electronics retailers, office supply stores, or even Amazon.com. Though your device may advertise itself as a firewall or VPN appliance, this is decidedly not the place to cut corners. The business-class devices, although they may require expert configuration, are capable of dropping connection attempts and other traffic from entire regions of the world — think Russia, China, and other places where hackers congregate. The lower-cost devices simply do not have the horsepower to survive even some of the most basic attacks, which often include attempts to flood the device with traffic to overwhelm its processing capabilities. Furthermore, they often do not receive critical security patches often enough to keep your network safe from the kinds of bad actors who endeavor to infect your devices with malware.
- A properly equipped computer at the remote end. From an IT support and security perspective, it’s always preferable that the computer be owned, controlled, and prepared for use by the organization. But an employee-owned computer can be used as long as it has appropriate tools on it. Essential software would include a VPN client configured with the security protocols to establish a connection to your network as well as endpoint security (i.e. business-class anti-virus software that utilizes behavior-based detection algorithms in addition to the typical signature-based variety) and encrypted, versioned, backup software to ensure that your business data is backed up and protected from ransomware and data breaches.
Should We Switch to Cloud Software?
Cloud solutions like Google Docs or Office 365 Enterprise are fantastic ways to facilitate remote collaboration for distributed teams. Great attention has been paid to user authentication and security. With proper implementation, it’s also possible to create policies and procedures to help with privacy and data concerns as well.
However, making a snap decision to switch to cloud-based systems may not be the most advisable decision.
Especially when your systems are designed with a traditional office-based network setup, the shift to cloud-based tools are a paradigm shift that comes with serious ramifications which should be considered and planned for properly.
“In the long run, transitioning to cloud-based collaboration tools is a great way to allow your people to work from anywhere. But there are a number of factors to consider, so we recommend sitting down with an organization’s key leadership to create a plan that takes into account the potential pitfalls to help avoid losing money in unexpected ways.”
Schedule a free consultation with one of our cloud solutions experts today to get started!
Whether you need to secure your network or want to move to the cloud, you don’t have to go it alone. CSi Networks has the experts who can help you navigate the technology and keep your business running smoothly — with employees coming in to the office, working from home, or both.
Get started today with a free on-site network security assessment. There’s no cost or obligation, and it’s a great way to get on the road to a more secure, healthier business.