An employers guide to the new dawn of home working
Three months ago most of you who are not working for a startup probably did not know what WFH meant. Today if you have not heard this acronym, where have you been. WFH or “Work From Home” has become the new norm. As countries around the world lock down because of Covid-19 companies are either voluntarily or through Government legislation moving their workforce to a work from home scenario.
There are many potential issues with this that need to be considered. Below I have listed just some of the main ones that if handled properly will at least setup your workforce to work efficiently, safely and securely. Basically there are 4 main categories that I think any company needs to consider:-
In the office everyone has a desktop or a laptop and normally these are company owned and controlled. They are managed by the IT Department or outsourced IT Company and they should only have company related software installed, they should be up to date with patches and fixes and they should have virus and malware protection installed and updated.
At home in a WFH scenario often employee are using their home computer. This is often a computer shared with other family members and the security and management of the home computer rarely matches that of the office computer. When a staff member is asked to access corporate data from home they are risking the security of that data due to one or many of the following:-
- Home computer often has no username and password to login meaning all family members have access. This can lead to sensitive corporate data being accessed by people who should not have access.
- Home computers often have lots of unlicensed software installed with children installing games, apps being installed from untrusted sites and test software installed from unknown sources and not deleted. With these softwares coming from unknown and untrusted sources the chances of hidden code to steal information etc is much higher.
- Home computers often have poor security. They are not protected by the corporate level firewall that most companies have in the office and neither are they updated with latest patches and fixes like a corporate managed computer would be. Often there is no Antivirus or Anti-malware software installed and if it is the chances are it may not be updated regularly. This can led to many issues with home computers being compromised security wise.
A solution for this is to ensure your IT Department or outsourced IT Company has a plan or procedure in place to ensure the basics are done to secure and protect your staffs home computer. This can be done by remote access and regular checks. Alternatively you can consider providing all your WFH staff with company supplied notebooks but that is a significant investment.
Depending on where you are in the world determines the quality of internet connection your staff will have at their home. In places like Hong Kong and Singapore home broadband connections are often faster and better than those in the office. I wont go into the reason for that here but this is the case.
However in many other countries the rural areas have been left behind and we are seeing the problem from this in that home workers have slow and inadequate internet connections to allow them to do their work efficiently. There is not much that can be done with this other than to understand the employees situation and allow for it.
In an office environment an employee has a username and password and possibly a token to allow access to corporate data. Everything is secured and done locally and no data leaves the corporate environment.
In a work from home scenario users probably do not have a VPN (Virtual Private Network) connection to the office which will restrict their ability to access corporate systems and data. Without a VPN anything they can access runs the risk of being intercepted and therefore a data breach. When internal IT departments quickly setup remote access for WFH scenarios they often simply reduce security protocols to allow staff access. This is the wrong approach as security is the same whether staff are in the office or at home and it could be argued that security needs to be ramped up for WFH staff. Consider implementing VPN’s for all staff and ensuring that there has not been any reduction in security policies.
For total confidence in the security of the companies data and systems all companies should consider implementing a Zero Trust Security Model. For many organisations that are using Microsoft you can refer to this excellent article from Microsoft on the implementation of Zero Trust Security Models : https://www.microsoft.com/en-us/itshowcase/implementing-a-zero-trust-security-model-at-microsoft
One area that is almost always forgotten is actually managing the process. Very often employees are simply told to work from home. An employees gets home and tries to do some work only to find that they don’t know how to access or that the access does not work and they end up contacting IT Support who help to fix it. In addition there are no guidelines on how to work from home, how to setup your environment, what is expected from you, how to interact with colleague etc. It is often a free for all to work it out themselves.
All companies should have strong processes and procedures in place to ensure their staff can work from home efficiently and effectively. These need to be planned and tested and then implemented.
Also with WFH staff you lose the personal interaction so it is easy to become distanced from your colleagues from an employee perspective and difficult to understand who is doing a good job or struggling from an employers perspective. As an employer it is hard to keep a finger on the pulse of relationships and issues amongst staff as well as to monitor employee well being and if anyone is having issues. All companies should look to implement a system that handles the following:-
- Guides and manuals of how to work from home effectively so staff can be on boarded to a WFH Environment.
- Best practices of work from home scenarios in terms of communications.
- How to ensure the home computer is fit for purpose.
- How to get help from IT to resolve issues.
- Contact details for key stakeholders in the employees current work and preferred communication method.
- Goals in terms of short term deliverables that can be monitored.
- Performance monitoring so a manager can monitor how effective and efficient the WFH strategy is.
There are many pitfalls to a WFH strategy can cause serious harm to a company so managing the process well is essential. If a company follows the above guidelines they will position themselves to be well places to be successful.
If your company is struggling to WFH securely and effectively in this new WFH Era please contact Henrik on his email firstname.lastname@example.org to see how FunctionEight can help you.
Written by Phil Aldridge