A guide to maintaining productivity, security and compliance when working from home.
Have you already transitioned to working from home? Or, are you planning on it soon but just haven’t quite pulled the trigger yet?
When we firsts moved our own company to a “work from home” environment, as well as moving our clients to do the same, it was a two step process. The first thing we did was just get them to their house quickly, because that’s what the situation called for. Since we already had the infrastructure set up correctly for ourselves and for our customers, it wasn’t a big deal to make it happen, but it was still done with speed in mind. The next thing that we did was then go back to all our own employees and our clients employees and conduct a little audit.
So, in this post, we’re going to go over 2 things. First, we’ll talk about what you need to consider from a technology perspective to physically move your employee’s to their houses. Then we’ll talk about some policies about working from home that will help maintain productivity, security and compliance (if you’re in healthcare).
Earlier this week, we conducted a webinar on this very subject, and that is where all the content from this post is coming from. If you’d like to watch the webinar, the video is posted below. Or, you can read this post.
Watch the webinar replay here
Technology considerations for working from home
There are 3 categories of items to consider for working from home. Hardware, software and then how your employee will access your company resources. At the end of this section we’ll share a few examples.
What will your employee need at home to get their job done the same way they would if they were in the office?
Every situation is different, but we’re talking about things like a computer or laptop, single or dual monitors, an office phone, a printer, a scanner, a fax machine, a shredder, or a webcam as a few examples. Do they need some of those items or all of them? Think through all the tasks the employee needs to get done and make a list of all the hardware requirements.
In addition to that, will the employee be providing their own equipment, like their own computer, or will the company be providing it for them? That is going to be up to each of you to figure out.
What software applications will your employees need access to in order to perform their jobs? And, how will they access them?
If the software applications your business uses is all web-based, then this might be kind of easy. If they are all client server based, then this gets a little complicated, but is totally achievable. If everything is web-based, but your company still has a shared folder on a server, then there will be some additional considerations.
How will your employees communicate with each other?
Some phone systems, like a Voice Over Internet Phone system (VoIP), those allow you to just unplug your office phone from your desk and then plug it into the internet at your house and it will be like you’re at the office – no changes. Other phone systems might need some special arrangements to be made. Either way, just contact your phone system provider and ask them what they can do with the phones.
There are other applications you could also utilize to maintain communication for your employees. Microsoft Teams, Zoom, GoToMeeting, Facetime, Google Hangouts, Slack, those are just a few programs you could check out.
How will employees access company resources?
If your office uses all web-based programs, then not much will change.
If your office uses a shared folder on a server, then accommodations for this will need to be made.
If your office uses a “client-server” type software, then accommodations will need to be made for this as well.
In either of those two scenarios, you’ll need something that is called a VPN, or a Virtual Private Network. This is a secure way for employees outside of the office to connect to your server. You’ll need a commercial grade firewall to make this happen. Talk to your IT professional about setting this up for you. Make sure the firewall is patched, or up to date.
With the VPN in place, your employees will be able to securely connect to the server to access the folders and applications needed.
In addition to that, your employees will need an application or program to “remote-in”. A program called Remote Desktop is a good choice. When using Remote Desktop, the user at their home will connect to the server and access what is needed. In this scenario, you’ll only need one computer to perform this, the computer at the home office.
If not using Remote Desktop, there are a few other programs that we could recommend that are secure with a paid subscription. Some examples are GoToMyPC, Splashtop and RemotePC. With these programs, you will need two computers because the computer at the home office will connect to the computer at the real office.
Policies and Procedures for Maintaining Productivity, Security & Compliance
Now that you’re setup and ready to work, let’s talk about policies and procedures.
We have 3 resources here for you to use however you’d like. The first is an employee work from home agreement, or policy. The second and third resources are checklists for you to use to maintain security and compliance.
Employee Work From Home Agreement (Policy)
We strongly recommend that you put together a “Work From Home Policy / Agreement”. Having employees work from home poses many risks, and some of them are pretty significant risks. So, establishing an agreement with your employee is essential in setting the ground rules for your employees so that expectations are set.
With your employees are working from home, they need to commit to a few things. They need to commit that they’ll work just as hard at home as they would in the office to get the job done. They need to commit to taking care of company owned equipment and property. They need to also commit to protecting company and client data. Your Work From Home Policy should cover all these aspects.
We’ve put together a Work From Home Policy Template for your use. We provided this to many of our own customers, and we’re now giving it away here. It is just a template though, so read through it and customize it to fit your own situation.
Checklists for Security and Compliance
There are two reasons for maintaining security and compliance. The first reason is because it is irresponsible to not. Working from home poses some big risks and you can lose data, have computers ransomed, put yourself in a position to be fined, etc. The second reason is because this will help with keeping your employees productive. Anytime a security event happens, even if it is getting a simple and harmless virus, it wastes time. The bigger events like ransomware wastes a ton of time. Become secure and avoid wasting time.
We have put together two checklists that have to do with security and compliance. Use them however you’d like. Give them to your own IT guy, or try to go through it yourself. Please use them though.
Both of these checklists originate from our own standards library. When we manage the technology of our clients, we use checklists like this on a routine basis to manage their technology to make sure it is up to our standards so that they can get the best technology results.
Business Continuity for Remote Employees Checklist
The first checklist is called Business Continuity for Remote Employees. “Business continuity” just means that you’re able to work effectively like you normally would.
This checklist looks at everything related to having employees work outside of the office. So, it’s asking questions about your firewall, the VPN setup, your backup and disaster solutions, 3rd party management and much more. It’s a big picture look at the whole setup. Since this checklist has a lot to consider, it is only asking a long series of yes or no questions and we took out all the details and explanations that typically accompany this type of checklist.
So, please use this by yourself or hand it to your IT provider and have him go over it all with you. It should make sense to your IT provider and he should be able to explain it all to you, and then provide reassurance that all these items (as applicable to your own environment) are being done.
Employee Owned Device Checklist
This second checklist focuses specifically on the device that is out of the office – the employees computer and how they are connecting. If this is an employee owned device, or a company owned device, it doesn’t matter, the checklist still applies.
This checklist includes a lot of details with explanations. Still though, use it yourself or hand it to your IT guy so that he can verify for you that everything is set up correctly to put your mind at ease.
Free Security Awareness Training: https://www.knowbe4.com/homecourse – password is “homecourse”
HIPAA Compliant Remote Access Services:
- Splashtop: https://www.splashtop.com/coronavirus-remote-work-resource-center
- GoToMyPC: https://www.support.logmeininc.com/gotomypc/coronavirus
- RemotePC: https://www.remotepc.com/index.html
Free Microsoft Teams 6 Month Trial: https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/05/our-commitment-to-customers-during-covid-19
AZCOMP Recommended Anti-Virus for Employee Owned Devices: https://home.sophos.com/en-us.aspx
Ring Central COVID-19 for Healthcare: https://www.ringcentral.com/lp/covid19-offer
Free Ransomware response during COVID-19 to Healthcare: https://blog.emsisoft.com/en/35921/free-ransomware-help-for-healthcare-providers-during-the-coronavirus-outbreak/
Extensive List of All COVID-19 Software Offers: https://www.forbes.com/sites/martingiles/2020/03/19/free-software-for-businesses-and-schools-covid19/#18d1f9ea752d