Let me clarify this. There is a big difference between securing a system for a telecommuter who merely answers some e-mails during occasional home working sessions, a part- or full-time telecommuter with critical corporate responsibilities, and an executive or technical expert who routinely carries around a laptop with a load of confidential corporate data.

These three categories would obviously require different rules regarding security and other issues, but they should fall under a general superset of rules that apply to everyone.

The general remote worker policy that should apply to all workers can simply be an extension or modification of your existing network user rules involving such things as not sharing details about the system with others, not modifying spreadsheet formulas or macros without authorization, not sharing passwords, not opening e-mail attachments, not visiting porno sites, not responding to spam, making regular backups, and so on.

[an error occurred while processing this directive]

Just take your existing computer usage policy and make some intelligent alterations and deletions that recognize the different situation faced by remote workers. This part should be simple if you already have a good computer usage policy; if you don't, this is a good time to develop one. Then, you can work from it when creating your remote worker usage policy.

Policy recommendations

I suggest defining two major categories of users for the remote worker policy: what I call full-use or full-access telecommuters and casual telecommuters. Road warriors will need some additional rules specific to them but will fall into one or the other of the two main categories.

These groups can be defined technologically. For example, does the person have a VPN link to the office network (full access), or does the person simply perform independent research and file reports, having no passwords or ability to link directly to the office network (casual users)? You can also group people into categories based on the kind of data they deal with (in other words, how confidential or critical the data is).

Large organizations with many telecommuters doing very different things will need more categories, probably taking the two technical groupings and adding subcategories for each depending on the kind of data handled by the employees.

My other telecommuter rules mainly stem from this basic requirement and the need to keep security configurations up to date on every computer. For example, I strongly recommend that all telecommuters connecting to the corporate VPN be supplied with a company-owned computer. When you think about it, this really isn't a major investment these days. A basic system is all most telecommuters will need. Hot P4 machines from Dell are suitable even for most advanced users, but cost under $1,000 for a complete system.
TechRepublic provides insight, advice, and technical information written by IT professionals for IT professionals.
Have the top IT experts by your side today--FREE!

Previous page |   1 2 3 4	| Next page

[an error occurred while processing this directive]

[an error occurred while processing this directive]