The importance of a remote access policy

Enabling remote access to an organization's network, systems, and data can benefit most any organization. This article discusses why having a policy about remote access can be beneficial to your organziation.

The benefits of remote access connectivity are well documented. Unfortunately, so are the dangers.

Lured by the many advantages, organizations have been quick to introduce remote access services. Remote connectivity introduces newfound flexibility. Enabling remote access to an organization's network, systems and data can benefit most any organization. Whether a small nonprofit seeks to enable volunteers to work from home, a small business' employees require flexible work schedules or a global multinational corporation needs to link engineers working in distant locations, remote access can prove a key feature in empowering communication and productivity.

But remote access also presents management challenges. In addition to often requiring additional technology investments for VPN security appliances and specialized firewalls, telecommuting employees present a new dynamic that could prove disruptive to production processes. Worse, remote access creates additional security risks that must be carefully reviewed and monitored, particularly if the organization works with sensitive information or data.

Not for everyone

Remote access, despite the advantages, is just not for everyone. Employees requiring access to student or medical records may likely find it best to work from a secure location using data access methods consistent with federal legislation and industry guidelines governing the use of that data.

In other cases, due to the nature of the work being performed, employees must be physically present onsite. Offering a telecommuting assignment to a sales associate responsible for greeting clients in a retail store, for example, would not work. Nor would it make sense for a lab technician to try working from home if a child became sick.

Other employees trying to work remotely might disrupt a carefully orchestrated production process, such as is often found in printing and manufacturing facilities. Still others don't possess the discipline necessary to work effectively and productively when outside the office (especially when distractions such as children, the telephone and cable television are present).

For this reason, telecommuting and remote assignment decisions are best left to departmental managers. Most organizations will want to let departments extend telecommuting and remote access privileges as they deem appropriate.

A panacea for others

If past trends and higher gasoline prices are any indication, the number of employees working remotely will continue growing. According to an annual survey from the International Telework Association and Council, some 45 million Americans reported working from home (within one month of taking the survey in 2005). Further, the survey claimed employee telecommuters increased 30 percent in the past year and revealed that some 26.1 million people work from home at least once a month (and more than 22 million work from home at least once per week).

For these growing legions, the ability to remotely access organization networks, systems and data can prove the difference in spurring productive and profitable days. Organizations that can leverage remote access' benefits would be unwise not to, especially if doing so helps improve morale (as is often the case with telecommuting projects).

Policy helps mitigate dangers

Whether your organization is already committed and employees are traversing remote connections, or if your organization is contemplating taking the plunge, many remote access dangers can be mitigated with an effective remote access policy.

Your organization's policy should be sure to address several issues, including:

  • How decisions are made as to which employees are eligible for telecommuting assignments and remote access privileges
  • What behavior constitutes acceptable use of remote access connections
  • Acknowledgement that any organization equipment provided to employees remains the organization's property
  • Potential penalties resulting from violations of the organization's remote access policy

Just rolling out the policy won't eliminate risks, however. The Information Technology department must diligently enforce the policy. For more information on implementing effective policies, review the TechRepublic articles" Use a policy audit to ensure that your policies are followed," Learn how to win support for your new IT policy," and "Creating an IT policy that works."

You can quickly implement a remote access policy in your organization by downloading TechRepublic's Remote Access Policy. Included you'll find a risk assessment spreadsheet that will help you determine the importance of such a policy to your organization's security along with a basic policy that you can use and modify. You can purchase it from the TechRepublic Catalog or download it for free as part of your TechRepublic Pro membership.