If we were to have a chat about the feasibility of you and your employees working from home the conversation would go something like this.
These are the topics we’d cover:
- Practicalities
- Policies
- Hardware
- Security
- What can nTrust do for me?
- Alphabet Soup – abbreviations explained
Practicalities
Can I work from home?
That depends. What do you want to do?
I want to work from home.
OK. Let’s ask some questions. Make a note of how you answer 1, 2, 3 etc. We’ll then let you know what we advice.
First, what do you do at work?
- Absolutely everything I do is accessible anywhere.
- Email, one-off Word & Excel and being on the phone to internal and external colleagues.
- All the above plus access to large numbers of on-premise documents.
- All the above plus internal business applications (accounts packages, MRP, internal web sites)
- I need access to physical equipment that is heavy, has specific infrastructure needs and is installed in only one location.
Second, how does your work working environment compare with your home working environment?
- My home setup has bigger screens, a better chair, and quieter surroundings.
- It’s about the same.
- I have less space at home, but it’s OK.
- I’ll be working from a laptop on the sofa.
- I don’t really have anywhere to work
Third, how do your work and home networks compare?
- My internet is way better than work’s, and my internal network is fine.
- They both work, it’s fine.
- So long as I’m the only one on the internet at home, it’ll be OK.
- I’m going to be on wi-fi, and my home wi-fi isn’t good.
- I don’t have an internet connection.
How did you answer?
• If your answers were all 1s and 2s, then you should have no difficulties.
• Where you’ve answered in the 3-4 range, you should look at ways to improve that before you need to work from home.
• If your answers were all 5s, you probably can’t work from home.
How to interpret your score and likelihood to be able to work from home:
I need access to internal business applications (that’d be 4), however, we have a VPN and a Remote Desktop Gateway & Server environment so I can access those applications anywhere (so 1).
At work I have dual screens, a laptop with docking station, a VOIP phone, and a multi-function printer/scanner/copier. At home, I have slightly smaller dual screens, a desktop computer, my mobile, and a slower printer/scanner. I could take the VOIP phone home and it should work, but I need to test that, and I’d need a power supply for it. Call that a score of 2-3.
The work internet is way better than my home internet connection, but I do have a reliable internet connection and my desktop doesn’t use wi-fi. That’ll be a 2.
To be clear, we have done some work at nTrust to make sure we can work from home or from client sites, and remote working is a thing we have used for years.
If your organisation does not currently have a remote working capability, you will need to evaluate what you need to provide for employees to allow them to work from home effectively and securely.
- Make sure that you understand what people need to access remotely and how to provide that access.
- Make sure people have adequate equipment at home to access your systems.
- Realise that people working from home will be limited by their internet access.
Common scenarios:
Office 365
We have an Office 365 subscription, some cloud applications like Xero, and some Word/Excel files we keep on a shared drive on a ‘server’ in the office. What can we do to enable remote working as quickly and cheaply as possible?
- Office 365 email will work anywhere
- Xero and the like will work anywhere
- Word and Excel files can be moved from the shared drive to Microsoft Sharepoint, and then accessed from anywhere, either through a webpage or the Onedrive client installed on the PC.
- Microsoft Teams can be installed and used as an instant message and status application so you can chat to colleagues and see if they’re free, busy or not logged in at all. Teams can also be used as a VOIP telephony application to take external calls.
VPN Connection
We have some web-based internal resources in our office which remote workers will need, and an awful lot of documents on our file server. We can’t just sling them all up to Sharepoint as there’s terabytes of stuff that probably won’t be needed.
With a reasonable office router and a fixed office IP address, you can set up a dial-in Virtual Private Network (VPN) which will let you connect and securely access files and resources (like internal web sites) in the office.
This can be really sophisticated and completely integrated into your network, or a bit of a last-minute add-on, but it does take a bit of planning to do.
Remote Desktop
We have some fat-client, server-based applications (Sage, SAP Business One, JobBoss, whatever) that will not work except when server and client are in the office.
There are various ways of allowing access to local applications, but a Remote Desktop server will let multiple employees access an application in your office from multiple different locations simultaneously. It can be properly secured, controlled and managed. It’s an additional server in your infrastructure, so you may need to shuffle things to make room.
Validation
There’s nothing like try before you buy. If people need to do remote working, make sure it works for them before they need to do it.
- Some domestic routers and internet connections need VPN or VOIP connections to be unblocked or enabled.
- Some wi-fi may work fine when you’re in the lounge, but not work in the back bedroom when it’s converted into home office.
- Sometimes the home and work ends of a VPN network clash and one of them needs to be re-configured (unlikely to be the work network that gets re-configured)
- Sometimes the home PC someone plans to work from won’t connect because it is way too old to work with the company network.
- Not all company VOIP handsets and desktop PCs will take well to being taken home to do remote working with.
- Ask your IT support provider what ought to work, what can easily be made work, and what you absolutely need to do to make a particularly essential thing work.
- Do not be tempted to compromise on security to make remote working happen. Sooner or later you will regret that.
Policies
If you are letting people work remotely for the first time, you need a set of rules and guidelines for them to follow. To a large extent, they’re for you to set and enforce at the right level for your organisation. You might want to consider these suggestions:
- Employees must have strong passwords (8+ characters, 3 of 4 from uppercase, lowercase, numbers & special characters) and multi-factor authentication for email and cloud services must be enabled.
- Employees should work between the hours of (say) 9 and 5
- All user equipment outside the office that accesses sensitive data must be encrypted.
- Employees will not allow other people to use equipment provided for remote working.
- Employees may use their own devices or computers; but they must be fully patched, have a supported OS (no Windows 7 machines) and not be rooted OR
- Employees must use machines with company-provided MDM software installed to access company resources (Microsoft Intune for example) OR
- Employees must use company-supplied computers or devices to access company resources
- If you print out sensitive data at home, you must destroy the printout when finished with
Hardware
Once you’ve decided to allow remote working, you need to make sure that your staff have appropriate equipment to work from home. This can be existing company equipment, their own kit or a mix.
Company Equipment
If people just take their company screens and desktops home, the computers will probably work fine. The applications on them may have issues. The data people need to access may still be in the office. Understand what will and what will not work in this situation before doing it.
- If you’re running Windows 10 machines, consider whether you should encrypt their hard drives using Bitlocker before letting them out of the office.
- Check that people can log onto a machine when it is disconnected from the office network before letting them take it home.
Employee Equipment
You’re going to let someone access your data from their machine. Are you happy with the implications?
- Have they got a supported and fully patched computer or mobile device (Windows 7 isn’t supported and shouldn’t be used.)
- Have they got appropriate anti-virus software?
- Can you be sure that your files will not accidentally end up on their computer after the need for remote working is over? Could that be a data breach under GDPR?
- If the employee is using their internet connection to work on your data, are you happy with their internet connection, router and wi-fi security? How do you know it meets your standards?
Mixed Equipment
Your company 24” LED screens, keyboard and mouse go to make extended working at your employee’s laptop with a 12” screen bearable; or your desktop gets plugged into their home screen so they’re not using their teenager’s games machine to hold your data. Fair enough. Record what’s going on. Not that you don’t trust them, but you need a record of your risks.
Poor Home wi-fi
You want to work from home, but the best place to work is somewhere with poor wi-fi. You could try PowerLine adaptors which overlay network traffic on the domestic electricity supply. Best running on the same ring main at both ends, and through as few extension leads as possible.
Poor Home Internet
Possibly too late to do much, but there are a lot of people who have not upgraded from ADSL to FTTC. Upgrading the connection may involve an engineer visiting the site, so may or may not be possible or advisable. It will probably also need a new internet router.
Security
In the office, you have all your data and applications in a central place with adequate security.
When you allow remote working, you need to make sure you do not compromise on that security.
- Office machines, external hard discs and USB sticks should be encrypted before they leave the office if they will have sensitive data stored on them. If they cannot be encrypted, then they shouldn’t be allowed out (actually, maybe you shouldn’t be using them at all)
- Employee-owned machines should meet your security standards and have anti-virus software and possibly remote management software installed on them.
- Employees connecting to the office should use encrypted connections to be as secure as if they were in the office.
- Strong passwords and Multi-Factor Authentication (MFA) should be enforced for all employees and applications.
- Employees should be reminded of their obligations and responsibilities.
Abbreviations explained
Device Encryption – If the storage media on a device is not encrypted, it is easy to access data on it if someone has physical access to the machine. Encrypting a disc, or USB stick, or phone or tablet makes it impossible to access that data without having the encryption key.
GDPR (General Data Protection Regulations) – legislation safeguarding personal data administered by the ICO with potentially eye-watering fines for non-compliance.
ICO – Information Commissioner’s Office
Intune – Microsoft’s MDM software, running on Android, Apple and Windows; securing applications and data.
MDM (Mobile Device Management) – software which makes it easy to mandate and manage applications on mobiles, and even block connection to the company if the machine does not meet acceptance criteria.
MFA (Multi-Factor Authentication) – additional security for your connection to cloud-based resources. Typically, as well as a username and password, you input a constantly changing code provided by an app on your phone.
VOIP (Voice over Internet Protocol) – telephony over the internet – your handset could be a softphone on your laptop or something that looks like a conventional telephone plugged into the network.
VPN (Virtual Private Network) – communications protocols which allow secure encrypted connection between computers.
If you would like our help to implement secure, remote working for your employees contact us on 03331 50 60 70 or email us.