Implementing an IT Work From Home Policy is incredibly important, especially today. More employees are working from home than ever before and the practice is trending up. In fact, 81% of businesses are improving employee retention by implementing flexible working, according to a 2019 International Workplace Group study.
Well-meaning remote employees, whether working in the field or from home, introduce new vulnerabilities into your IT systems. Putting a formal Work From Home Policy in place will help protect your invaluable business data as well employee and customer information. The consequences of a breach can be huge for your finances and reputation. The time it takes to implement a formal Work From Home policy is minimal and it could be invaluable for your company.
Methods for Remote Access
Specify how your employees can access the company’s IT systems, including their company email and calendar. Explain how they can access your virtual private network (VPN) to make it as convenient as possible. Equally as important, specify what methods for connecting to your systems are not permitted.
Standards for Using Personal Devices
Provide guidelines about how your team can use their own computers, tablets, and phones to access your business systems and perform work. Detail what security provisions are required such as malware detection and software updates and what type of devices may or may not be used. Explain expenses the company will, and will not, reimburse related to the use of personal devices such as data.
Protecting Company-issued Laptops and Tablet PCs
Information available through or stored on Company-issued portable computers is especially vulnerable to outside security threats, so special care should be exercised to protect these devices. How do you wish employees to safeguard their devices both physically and online?
Lost or Stolen Devices
If a connected laptop or desktop PC is lost or stolen, whether it is personal or company-issued, how should the employee report it? Detail who they should report a stolen device and how quickly they should report it. Even better, provide suggestions for keeping personal and business devices safe physically.
Personal and Company-issued Devices at Termination
Create a signed agreement for how terminated employees will return devices on their last day of employment with the company. Also form an agreement about how the company will ensure that all business-related information will be removed from personal devices upon termination. Termination is always a tricky issue, make sure there is a clear understanding up front.