Creating a telework plan? Check out these tips from experts

Oct 19, 2011 1:48pm

By Emily Eckland, NCSA Managing Editor of Digital Media

Security and accessibility are two crucial items in all telework plans.  Will your employees get company-issued equipment, or will they use their personal devices? Will you give them full access, or limit what they can do remotely?

Technology experts at the Fall 2011 Telework Exchange Town Hall Meeting say the key steps to creating a telework plan are taking inventory of your technology, determining the role of your employees and the type of access they'll need, and creating a risk mitigation strategy.

Typically, a good place to start is to give employees basic collaboration technology, such as email, an instant messaging program, or VOIP, says Susie Adams, chief technology advisor for Microsoft’s federal division.

Depending on the employee’s work environment, they could use an email client, a web-based email client, or receive no access to email.

Employers should also remember that access can be customized, depending on the role of the information worker and their duties. 

“It’s not a one-size-fits-all solution anymore,” Adams says.

Adams also recommends looking at the applications and devices employees are using to determine their type of risk level.

If you decide to allow employees to use personal devices, think about security risks.

“You may do something that saves money, but what are the collateral issues? What happens if a device gets compromised? What’s the responsibility of the employee if the device gets broken?” says John Sawislak, senior fellow at the Telework Exchange.

Employers should also think about what happens if an employee’s personal information is compromised.

If an employee is using a personal device, many employers don’t want to be responsible for the personal information leaking out, says Sean Donelan, project manager for Network and Infrastructure Security at the U.S. Department of Homeland Security.

“Problems arise if there is a failure with the device.  [Within the federal government,] if the personal device is compromised, the employee must turn it over to the agency,” Donelan says.

Here are some best practices for teleworking from Ron Ross, Senior Computer Scientist and Fellow, Computer Security Division of NIST:

  • Limit applications for employees; only give them access to applications they need.
  • Give employees the least functionality, and the least privilege.
  • Establish a virtual private network.
  • Enable automatic software updates and virus scanning so employees don’t have to worry about keeping their devices up-to-date. “It’s very difficult to ensure on a personal device that all the configuration and full disc encryption are actually employed on a personal device,” Ross says.
  • Create session locks on devices so users have to type a password.
  • Make sure employees have encryption-enabled WiFi at home.

For more information, visit the Telework Exchange's website.