WFH: Remote Data Access and Data Security

WFH: Remote Data Access and Data Security

This may be the single biggest concern you may have to address when looking at WFH. When your employees are working in your offices, you control their methods of access to company data. For example, when they are on-site, they access through a network you have secured. They visit via tablets, PCs and mobile devices that your IT department maintains. In other words, you have much greater control over data security.  Once access goes remote, data security becomes a bigger challenge.

Here are just three examples.

  1. Employee knowledge of the potential risks to your data may be limited. Employees aren’t trained as experts in data security and are probably unaware of the many ways data may be compromised. As a result, when left on their own, they may be far more likely to inadvertently take actions that compromise your data or create vulnerabilities that would not be possible when on-site. As a result, if you go to WFH, you will have to provide ongoing training to everyone about the potential risks to company data and their responsibility to maintain secure behaviors.
  2. IT has greater challenges overseeing security. Your IT department has a serious challenge in keeping up with data security. That challenge grows exponentially as your workers disperse to remote locations where IT has considerably less control over access tools and network connections. It is also much harder for them to update tablets, PCs, mobile devices, etc. with the latest software and security updates when that hardware is located who knows where. Again, this means pushing responsibility for upgrades and security patches onto individual remote employees.

    Companies that were designed around the model of onsite employees accepted as “normal” a paradigm of centralized control over the IT infrastructure by the IT department. With WFH, however, the IT infrastructure and its oversight become decentralized. IT management suddenly becomes even more complex, requiring far more planning and careful design than ever. With WFH there are far more moving parts.

  3. The BYOD problem. BYOD–Bring your own device–is just an extension of the above two points. Once you allow employees to use their own devices for work, that makes decentralized IT support even more difficult. Not only does IT have to support devices remotely, they also have a wider range of devices to support. Handling this involves a calculus of interests you will have to weigh against each other. BYOD can save you equipment costs. It is also generally popular among employees.

    WFH increases your IT oversight costs and increases data security concerns. It is an issue that you have to consider when evaluating WFH policies.

Three different issues about WFH you may have not considered.

Three different issues about WFH you may have not considered.

Today’s blog is a look at three different issues that don’t get much coverage in discussions of the implementation of a WFH policy. Much of the conversation tends to focus on productivity and oversight issues. Here are three you should consider.

WiFi
Once your employees move off-site and WFH, or anywhere else for that matter, very serious data security issues arise. Whether at home or in a coffee shop, your employees will be accessing your data via WiFi connections that will not have the levels of security or firewalls that you have in place in the workplace. This may be the single most important security vulnerability that you face with WFH. Resolving this will take a strong combination of employee training and IT support and control over remote tools and approved software applications. This is one area that you will definitely need the services of an IT specialist with deep knowledge of these security issues.

PBX v. VoIP
Moving to a WFH environment may be what finally pushes you into the work of Voice over Internet Protocol. (VoIP). If you aren’t already aware, VoIP is a voice communication toolset that takes you away from traditional “telco” lines and moves voice onto the internet. In short, you give up wires and send your voice over the internet when you make a phone call, instead of sending via traditional methods through the “telephone” provider.

What does this have to do with WFH? The traditional office phone system –the PBX–is a location-based, on-site system. It offers little flexibility once employees move off-site and becomes of significantly diminished value. VoIP offers many tools unavailable on a PBX that can improve collaboration and communication among employees and between employees and clients. In short, a PBX is a leftover from an earlier era that just doesn’t work in the modern environment. VoIP offers multiple communication tools that a PBX just cannot provide. Also, VoIP can be a significant money-saver. It can lower per-minute costs and is less expensive to maintain and support.

FLSA
Don’t leave human resource questions out of the mix of issues that WFH raises. In the US, most employment is governed by the US Fair Labor Standards Act. This is the 1938 act that set the standard 40-hour workweek, Federal minimum wage, and requires overtime for certain classifications of employees. Similar, often stricter laws exist at the state level, and sometimes even municipal.

What matters here is that when an employee who is required to be paid overtime beyond 40 hours per week is working from home, you are responsible for determining that they are compensated properly if they cross the 40 threshold. Just because it is convenient for them to do a little extra work when it comes up does not absolve you from OT requirements. In this case, collaboration with Human Resources in developing policies that protect both you and your employee are essential.

WFH: How we got here.

WFH: How we got here.

If you’ve been in the workforce for a while, you remember what life in the office was like a few decades ago. The uniformity of the structure was pretty much the same, no matter what office you worked in. It was 9-5, or some such standardized schedule for everyone. You had your own desk/office/cubicle. They gave you a PC for your desk. It was heavy and didn’t go anywhere, especially not to your home. You had your office phone–part of the company PBX. They gave you pencils and paper and other things you needed, and… there you were.
Then, everything sort of began to splinter apart and “The Office” wasn’t “The Office” anymore.

Suddenly, you were given a company mobile phone. They could reach you off-hours. Then, residential broadband internet became widely available. They swapped out the big desktop PC for a company laptop. Now you could use that laptop with your new broadband and work from home at night. Answer emails at 11 pm. But you probably still used company equipment for company tasks. But then you got your own cell phone, you own laptop, and your own tablet. Suddenly, it was easier to use your own technology and forget about the company-provided equipment. This gave birth to the idea of BYOD (Bring-Your-Own-Device). In the end, this made it possible to do your work outside of the office, outside of the scheduled workday. Then WiFi was added to the mix and you could work from a coffee shop or the local park on a nice day. Long story short, Work From Home became possible and, to many of us, a very attractive alternative. However, as a business owner, getting your arms around a successful WFH policy can be a challenge.

In summary, WFH represents challenges to both traditional ways of handling IT, and traditional ways of managing a workforce. To what degree WFH will dominate the work experience in the future is unknown. However, it should be expected that it will not go away. The workplace will return neither to 2019 nor to 1980. The point is, WFH will require paying serious attention to how we handle and design our business’s IT infrastructure. As forward-thinking managers, we need to realize, as mentioned above, the paradigm of a centralized IT infrastructure is outdated. No matter what, even partial WFH will require us to redesign our IT models to support activities that are widely dispersed. This will create threats, but they can be handled. The point is that you need to proactively find the IT management design that can provide the infrastructure that works for the new WFH business model. For smaller firms especially, you will only find the depth and breadth of knowledge by finding a managed service provider with experience in your industry.