Mobile and Remote Computing hit the #9 spot in the AICPA’s 2008 Top Technology Initiatives survey, and one aspect of that initiative is enabling work to be done outside of the brick-and-mortar office environment. Here are some points to consider in determining whether a telecommuting program is right for your company.
Start with a Business Case
- Quality of Life – Primarily for IT staff who have to perform systems maintenance outside of standard business hours—this enabled the staff to not have to stay at the office or be at the office late at night.
- Health Issues/ADA Requirements – Health issues or other physical disabilities that do not enable staff to come to the office. Telecommuting allows these staff to be accommodated (which may sometimes be required by law) and continue to contribute to a company that they’ve been with for a while.
- Business Continuity – This may be for IT staff to access the network and systems to troubleshoot and address problems remotely—enabling them to respond faster to after-hours and weekend problems. Additionally it can be used to properly shutdown or backup systems quickly without having to travel to the office.
- Staff Recruitment and Retention – Having a telecommuting program may give your company an edge up on the competition in terms of recruiting and retaining staff that want a more flexible work schedule and the ability to work from home.
Establish the Boundaries
- Legal Requirement – ADA compliance or health issues may require that an employer accommodate a telecommuting situation for a given worker.
- Job Requirement – Larger organizations tended to only allow telecommuting when the nature of the work required that a person be able to work remotely. Additionally some positions may perform a majority of their work at a customer/client’s site so remote access enables them to still use the company’s data and applications.
- Job Efficiency – Some positions by nature (e.g. outside sales) can be made more efficient by providing remote access to data and applications when the person is outside of the office.
There are also some reasons to not allow someone to telecommute.Supervision – This can either be where the person needs to be supervised and cannot be adequately monitored remotely, or where a person is supervising others and in working remotely they cannot adequately supervise their subordinates.
- Privacy/Confidentiality – If the security of data is covered by any confidentiality or privacy laws/regulations cannot be guaranteed (or risk of exposure not mitigated to a reasonable level) any work related to that data may need to be done in-office and remote access to that data denied.
Manage the Risks
- Establish Policies for Remote Access – Most forms of telecommuting allow a remote worker to access the corporate network and servers when not in the office. Because this is a “tunnel” into the corporate network and a possible access path for viruses or hackers, care should be taken to establish clear and comprehensive policies governing both the people and technical aspects of remote access. This should include penalties for violations of these policies.
- Manage the Devices – The device being used for remote access may be a PDA (e.g. BlackBerry or smart phone), laptop, or even a user’s home computer. When devices are used outside of the office, they are often at greater risk for theft. The devices themselves should be “locked down” or at a minimum password protected to prevent unauthorized access. Many organizations only allow remote access on company-owned devices or personal devices that have been certified by the company’s IT department to meet company security policies.
- Protect Your Data – Even data not subject to privacy laws/regulations may contain trade secrets or company competitive/confidential information. Data stored on remote devices should be encrypted whenever possible. Some devices can also be configured to automatically delete all data when a user fails to enter a given password correctly within a set number of times.
- Train Your Users – As with any security measure, user awareness and knowledge is your best defense. Many companies require that that users go through a training program that helps them understand the policies and technology associated before being granted remote access.