Managing the increasing technology demands of telecommuting employees isn't easy for any business, but it can be especially challenging for small businesses. However, it doesn't necessarily have to be difficult. The key to effectively managing remote workers is to make sure they have the technology they need to be productive, while making security a top priority.
Doing that, however, isn't as easy as making sure your employees have nice laptops.
"Our survey averages have shown that 92 percent of respondents have sufficient computers and Internet access," said Rick Albiero, founder of the Telecommuting Advantage Group, an alternative work arrangements consulting agency. "Just having a nice computer at home isn’t enough, however. Organizations also need to determine if telecommuters can use their own computers or if they need to have dedicated computers for work-related activities."
Personal laptops and desktop computers may already be compromised or already filled with viruses, said Rick Phillips, director of infrastructure solutions and managed cloud services at Weidenhammer Solutions.Another reason is that personal computers aren't likely to be equipped with adequate resources and cannot be managed by the company's IT department.
"It is more efficient and secure to provide the employee with the equipment that you can control from your central IT administrative capabilities," Phillips said. At minimum, Phillips recommended that companies provide telecommuters a laptop or desktop computer with broadband Internet connection to the office and other services for email, file-sharing, text messaging, Voice over IP (VoIP), videoconferencing and Web access.
Depending on their role, some telecommuters may have additional needs. For instance, Phillips said that call agents who work from home should be equipped with computer-telephony integration (CTI) and with the right software so they can use their computers to manage calls and integrate with customer relationship management (CRM) applications in the office.
"Telecommuters whose work relies heavily on meetings should also be equipped for audio and video collaboration," Phillips said. This includes making sure that their computers include a webcam or digital camera, video card, videoconferencing client software, and functional microphone and speakers.
Companies that allow telecommuting should also provide security-related resources to make sure their data and devices are protected.
Phillips said security is the No. 1 challenge small- and medium-size businesses (SMBs) face in enabling a telecommunications and mobile workforce. Telecommuters often work in public places, such as coffee shops, libraries, airports and hotels, where Wi-Fi networks are typically unsecured and thus open to anyone within range.
"It's relatively easy for someone to not only access open files on someone else’s computer that is on a shared Wi-Fi system, but to also access and download stored files on the computer," Albiero said. "Programs such as Cain and Abel, Ettercap and Wireshark allow someone to steal your data through public networks." While some locations have implemented security measures to protect their networks, such as by requiring a password, Albiero warned that it isn't a sufficient security approach.
To effectively address security issues posed by telecommuters working in public spaces, Albiero suggested that laptops be equipped with a Wi-Fi security system that requires a separate password for anyone on a shared Wi-Fi signal that tries to access a telecommuter's device. For those with access to Ethernet connections, another solution is using a travel router that plugs into an Ethernet jack to provide a hardware firewall against other users on the network, Albiero said.
Another cost-effective solution is implementing a Virtual Private Network (VPN), a security measure that encrypts files on your computer and any data being exchanged over the Internet; this encryption makes the encoded data useless to anyone else with unauthorized access. "A secure VPN will provide this protection while the data is en route to and from your computer," Albiero said.
Typically, users launch the VPN client installed on their devices then input their credentials for authorization. Using the public network, they are then connected to a remote data center that provides a private connection, as though they were directly connected to the company's local, secure network.
"Instituting a VPN solution will ensure secure access only by the telecommuter," Phillips said.
To be effective, Phillips also said companies should make sure their VPN provider has strong encryption capabilities, specifically Secure Socket Layer (SSL) encryption, an industry standard data protection protocol that encrypts information being exchanged to and from a website. "SSL VPNs provide such flexibility and levels of transmission encryption to be safe and secure."
Allan Pratt, an InfoSec strategist and Computing Technology Industry Association (CompTIA) certification instructor, said that if employees spend a great deal of time traveling or working in public work spaces, it is best to invest in VPN. "VPNs can be purchased for $10 a month from commercial providers, or set up through the employer."
The VPN client should be easily found by users, so they always remember to use it prior to any Internet activity, for instance. "The IT department should also set up employees’ equipment so that the VPN icon is readily available on the homescreen," Pratt said.
Pratt, a cybersecurity and information security blogger at Tips4Tech, added that security concerns aren't limited to network privacy and data protection. Companies also need to make sure that telecommuters physically secure their devices to avoid costly consequences.
"Outright theft is a big security risk," Pratt said. One way to mitigate theft is to require a password before devices can be turned on. Pratt said users should also enable timeout screens so that their monitor is set to blank out or switch to a screensaver after a set amount of time, then require a password to gain access. "Always remember, the best passwords are 10 characters or more in length using upper- and lowercase letters, numbers, and special characters."
To physically secure devices, Albiero suggested laptop cable-locks if one ever needs to step out. "If you’re at a coffee shop and drinking coffee, you’re going to have to go to the bathroom. It’s too tempting to leave your laptop alone 'just for a minute.'"
Still, for security measures to be effective and to better manage telecommuting employees, experts say that companies should make security issues part of the training process.
"As part of an employee’s orientation training, he or she should be instructed about the reasons for not using office equipment at public places if there is unsecured Wi-Fi," Pratt said. He also advised companies to teach telecommuting employees how to properly use security tools to make sure they are being properly operated (for example, telecommuters should be taught how and why they should launch their VPN client before opening a browser). Furthermore, Pratt said employees should be trained to be aware of their surroundings to prevent outright theft. "Even for a moment and even in a place one thinks is safe, a device can be stolen."
Phillips said that businesses should also educate employees on security procedures, such as backing up files and data loss prevention best practices. Additionally, when it comes to the rules and regulations of telecommuting, both employees and IT should be on the same page. "Your organization must have a known protocol in place that is fully understood by both your management team, as well as the telecommuting employee."
He added, "Make it an HR point to develop and implement a training program specifically around telecommunication workforces. Be especially considerate of compliance regulations and requirements of the business. Don’t allow employees to put the company in a sensitive compliance situation unknowingly."