Five key questions your telework policy should answer

When establishing a telework program for your company, you should strongly consider having a formal telework policy. This written document will outline the program, eliminate gray areas, and help to prevent future disputes. As with any business planning document, it should be considered a "living document" and therefore should be revisited at least once a year.

Your telework policy may contain a wide range of terms and conditions, but should definitely include answers to the following five questions:

1) Which jobs within your company are telework-friendly? Not every job is well suited for remote execution, and some job titles that are easily teleworked in another company may not be in yours. Along the same lines, what types of employees are best suited for telework? Be honest. Elements from previous performance appraisals can provide clues - generally, you're looking for self-starters, those who produce quality work on time and without a huge amount of oversight, and employees who are comfortable working independently.

2) Where can a teleworking employee consider a suitable "alternate work site"? For some people, like computer programmers, a coffee shop may work fine, but for others, like salespeople or customer support reps who are on the phone all the time, a dedicated home office may be required. Again, be honest, and do all you can to get buy-in from the employees so they don't find this decision to be a burden on their productivity.

3) What sort of equipment does a teleworker need, and who's going to pay for it? Does the remote worker need a dedicated laptop, or can they use their personal home PC? Do they need a dedicated phone line, a special phone, or a high-quality headset? Will they be handling company paper and require a fireproof safe or other locking file cabinet? What kind of software will be available to get them to company IT resources (VPN, Remote Desktop, etc)? If answered incorrectly - or worse, ignored - these details can impact efficiency and cause even the best worker to become less productive. With the right environment, that same worker is likely to gain productivity, so pay careful attention to these items.

4) What sort of communication schedule should the teleworker adhere to? Are there daily or weekly team meetings or conference calls already? If so, is there a good way for the teleworker to participate (i.e. conference bridge or WebEx/GoToMeeting)? If you don't have regularly scheduled communication opportunities, perhaps now is the time to implement them. What times of day should the teleworker be available for ad-hoc communication from colleagues, and, just as importantly, what times will colleagues be available for communication from the teleworking employee? Does everyone have email / IM / Twitter / Facebook to allow for comfortable interaction? Communication is perhaps the most subtle, but most critical stumbling block for telework - when we're not all in the same physical location, it takes a little bit of effort and forethought to ensure that teams still cohere, and that the company doesn't lose its sense of shared purpose. By scheduling regular communication opportunities, and establishing a solid calendar of coworker availability, you can achieve purposeful and productive communication rather than the random and often distracting communication at the water cooler.

5) Is telework right for you and your organization? We generally advise against full-time telework all the time. A day or two in the office each week, or at least each month, can be very valuable. Relationship-building, brainstorming, creative thinking, and many other aspects of business life simply work better when conducted in person at least some of the time. Working entirely distant from colleagues can be successful, but it requires such an extreme effort that the benefits are generally outweighed by the cost. For some, it is undoubtedly the right decision - but a decision that should be made with great care. In most cases, research and anecdotal experience points to 3 telework days each week (give or take 1) as the ideal scenario. In-office days can be used for creative, synergistic, team-oriented activities, and work-at-home days can be used for document creation, phone calls, and other more solitary work. When balanced properly, tremendous productivity gains are possible, so think long and hard on this question.

Security Alert Shows Web Remote Access Weaknesses

Remote computer access users beware - several new vulnerabilities have been revealed in existing solutions. One solution, LogMeIn, was noted to have such vulnerabilities with the exploits to take advantage and control your PC without authorization. More info here: http://securethoughts.com/2009/06/multiple-vulnerabilities-in-logmein-web-interface-can-be-used-to-control-your-computer-and-steal-arbitary-files/

This announcement leads to a critical question in today's hyperconnected world: just how secure is the web? The answer, sadly, is "not very secure". With the rapid proliferation of web browsers (IE, Mozilla, Chrome, Opera, Safari, and so on), the arms-race style of releasing new version upgrades before the ink on the last version is even dry, and (relatively) new technologies like PHP, CSS, javascript, and so on, browsers are increasingly vulnerable to attack.

Factor in the ever-targeted SSL / CA infrastructure at the core of browser-based encryption and site authentication, and you've got fertile territory for malicious forces.

So what's the solution? Don't use browser-based interfaces unless you absolutely have to. "Real" desktop software is remarkably portable these days - on USBs directly or via U3 or VMWare Pocket Ace, or via download on broadband that's available anywhere you have cell coverage, or even installed directly on the disk of a lightweight UMPC. These solutions can provide additional security through 2-factor authentication. There's no need to risk your critical information on web-based access tools. If you need to have a more secure solution you might want to look for a GoToMyPC alternative or a LogMeIn alternative.

Why Authentication Matters Most

Most websites and remote access tools use encryption as a way to imply security. The more encryption - measured in bits (i.e. 256 bit is better than 128 bit) - the better. Statements like "128-bit encryption, as strong as online banking" are common across the industry. While encryption is important, and such statements are true, they are also misleading.

Encryption strength only tells part of the story - the less important part, in my opinion. That's because no matter how strong your encryption is, your overall security is only as strong as the authentication used to begin the user's session.

Think about it this way: thick walls, barred windows, and barbed wire fences don't keep prisoners in jail if they can just walk out the front door without someone checking their ID. Similarly, you can have the best encryption, firewalls, and network intrusion detection tools in the world, but if your systems don't properly validate users, those measures won't keep attackers out. Poor authentication is the weak link in the chain, the wide-open door in an otherwise impenetrable fortress.

The problem is that if someone can defeat your authentication, the rest of the defensive systems don't know they're the bad guy. In fact, the rest of the systems - firewalls, etc - think they're actually one of the good guys. Once through the door and inside the walls, the attacker can act as if he or she were a real employee, and your perimeter defenses are rendered useless.

So, what can you do about it?

The answer is simple: implement 2-factor authentication (or 3-factor or more). 2-factor authentication - or multi-factor authentication in the general case - is achieved when a user's identity must be validated by two distinct types ("factors") of authentication. Typically, this means combining something you know, something you have, and (optionally) something you are.

The best real-world example is an ATM. The machine requires you to present both your ATM Card (something only you should have) and a PIN (something only you should know). If one is presented without the other, no money is dispensed. So, a stolen card or a stolen PIN is useless on its own. A retina or fingerprint scan may be added for additional security.

In the case of computer logon, the elements are typically a password (something you know), a USB authentication device (something you have), and an optional fingerprint or retina scan (something you are).

A good multi-factor authentication system thwarts most common break-in attempts, which are based on attacking passwords. Even if your password is lost, stolen, purchased, phished, or otherwise obtained by someone with bad intentions, they won't have your USB device or your finger (hopefully!), so the password does them no good. And passwords are compromised all the time. I've personally run across dozens of documents and pages on the web with passwords for the world to see, and those with more nefarious goals have access to thousands more. With passwords getting weaker and less reliable all the time, it is more important than ever to implement multi-factor authentication.

In the case of remote access, more so than almost any other application, it is absolutely critical to use multi-factor authentication, because compromised remote access systems open your entire network to attackers.

Top 5 Tips for a New Teleworker

If you are new to teleworking, there are a few things that might be important for you to consider in order to be as productive as possible. These basic things might help make the transition from the traditional office to the home office go smoothly. You should also recognize the your situation could be a little different, but for most part these are good ideas that can help keep you as productive at the house as you are in the office.

1. Have a separate and specific workplace.

Creating a separate and specific workplace is critical to being an effective teleworker. It doesn't mean that you can't mix it up on occasion, but when you are getting started you need to know where everything is and be able to access it quickly. Often as a teleworker you spend a considerable amount of time on the telephone. You don't want to have to jump up and look for the phone when your manager is calling, especially if they are not as sold on the telework idea as you are. It is important that they feel like you are in a productive environment.

2. Try to avoid Distractions

This tip is both for productivity and perception. Distractions while on a skype call or the telephone can be perceived as less than professional. You want to be sure that you have a distraction free area that you can work in during the day. Of course, less distractions will also mean better productivity. Another thing to consider is that home distractions are a little different then office distractions. Some people get distracted by a messy living room or a sink full of dirty dishes. If this distracts you mentally, then be sure to have the house "picked up" before you start your work day.

3. Take a lunch break

Teleworkers sometimes feel that they have to be at their computer for the entire day in order to respond to instant messages, skype requests, and emails immediately. But to be productive at home you need to take the same short breaks that you take at the office. Get up, take a walk, and eat a healthy lunch. One of the benefits of telework is being able to go to lunch in your own kitchen.

4. Get a great telephone

This tip really depends on what type of work you do. If you are a manager or part of a sales team then you might have to spend a lot of time on the telephone. If you are a computer programmer then maybe not. If you are going to be on the phone a lot, get a nice phone with a good "hands free" or speaker phone option. Using a cheap phone will make it harder for you to hear and will require more mental power to listen. Some people like to use headsets as well, so that might be a good option for you. And as a tip within a tip, be sure to have at least one phone at your work area be plugged into a wall. Conference calls can drag on for hours and your wireless phone batteries will not last that long.

5. Check in often

It is important that as a teleworker you initiate communication back with your group throughout the day. This gives your team a feeling that you are part of the group. Hoever, be sure that you are adding value to the goals of the team and not just being annoying. After your work routine gets established this need to connect may go away, but early on you want to be sure that you are adding value and contributing and you team knows that you are easy to reach.


Now, what are some of your top tips? Post any tips you have in the comment area or link back from your blog. Thanks.

Is Remote Access Over the Internet Safe?

If you telework, telecommute, or just travel a lot as part of your job, you may wish that you could access the files on your office or work computer remotely. But is it safe?

The safety of your remote access connection depends on many connected attributes. If done well, it can be perfectly safe, and tremendously helpful. If implemented poorly, your remote access systems can be a huge security hole. The two critical areas to manage to ensure secure remote access are authentication and encryption.

Authentication is key because it allows the software system to validate your identity. If another person can convince those systems that they are, in fact, you, then all other security elements are defeated because they will simply grant the imposter the same privileges the "real" you would have. Passwords alone are generally considered too weak for this purpose, particularly if you handle any sort of sensitive data - financial records, HR information, medical records, product information, etc. A "multifactor" authentication system (one where a password is combined with something you have, like a physical USB key, or something you are, like a fingerprint or retina scan) is necessary to truly protect your identity.

Assuming your authentication is strong, encryption is used to protect your data as it traverses the Internet between your remote device and your office PCs and networks. If the data isn't encrypted, anyone can intercept and read the information. With encryption, even if an attacker intercepts the data stream, they won't be able to read the information because it's scrambled. 256-bit AES encryption is the gold standard at the moment, because it requires an absurdly high amount of computing power and time to crack (by some estimates, 149 trillion years), and therefore protects your information against malicious use.

So, when the technology is implemented properly, you can indeed work from home safely.

Top 5 Jobs for Telework

Telework isn't for everyone. A factory worker, chef, elementary school teacher, airline pilot, or car mechanic would have a difficult time working from home on a regular basis - at least as their jobs are currently structured. Same for an astronaut, dog trainer, or anyone else with a hands-on sort of job description. Instead, telework is best suited for information-oriented jobs that rely heavily on the computer and telephone. These jobs might include writing, marketing, computer programming, engineering, accounting, legal work, etc.

Here are my top 5. How about you? Post yours in the comment area or link back from your blog, and we'll create a separate entry in a week or two with the best lists.

Top Telework Jobs

1. Computer programmer


2. Technical writer


3. Call center representative


4. Budget analyst


5. Medical transcriptionist

Telework Doesn't Mean Solitary Confinement

One of the main benefits to working from home or a telework center is the peace and quiet of avoiding rush hour traffic and the distractions of the office. Of course, one of the main drawbacks to working at home is that very same peace and quiet. It can get too quiet. Here are some tips for avoiding the isolation. Post yours in the comment area or link back from your blog and we'll publish a list in a few weeks.

Top 5 Ways for Teleworkers to Avoid Isolation

1. Turn on some music - not all day long necessarily, but some music (or even TV news like CNN, though I personally find this more distracting) can help to break the monotony and re-energize your creative mind.


2. Take a break and go outside - walk around the neighborhood, mow the lawn, or just go get the mail. Your coworkers in the office are taking breaks to get coffee, chat with colleagues down the hall, or go out for a smoke. There's no reason you should be chained to your PC.


3. Take a lunch break!


4. Contact your colleagues in real time - IM, chat, videoconference, txt message, twitter, FaceBook, or even the plain old telephone will do the trick. Just pick something other than email, which lacks the sense of conversation. Try to communicate with coworkers at least once before lunch and once after, to stay connected.


5. Get into the office on a regular basis - even if you think you could telework every day, the research shows that's a bad idea. At least one day of in-office time per week is a must-have for a truly effective telework program. That day is best spent having meetings, building relationships, and engaging in creative and strategic exercises. Save the email, web research, and document editing for another telework day.

Telecommuting Security Discussion

Interesting discussion underway at IT Business Edge regarding security considerations for telework...

Telecommuting calculator and IT checklist

Knowledge Network provides these useful tools for considering telework program implementation.