We have about 175 users here. Some of who need (or perceive the need) to have access to remote in from home. We really don’t do anything formally. We don’t give out VPN access freely because of the usual security risks knowing how insecure home computers can be. IT staff here has it because we can fix our own problems. We could go the laptop route, but my opinion is that the fewer laptops out there, the better from a support and security perspective. Products such as LogMeIn or GoToMyPC are viable (we use LogMeIn to access some of our remote sites), however it requires the user to install an applet on their PC and it means that if their PC at work is having trouble, then they’ll need someone to support it after hours. The other issue is that if our remote access software breaks the user’s home PC, then we may become responsible for fixing it.
The big issue is that we are not a 24/7 IT operation. We work primarily M-F, 8-5 – with a few of us on call 24/7 for emergencies, in addition to some after-hours work to get things done you don’t normally do during business hours. If we enable people to work from home remotely, then like it or not, we will become on call 24/7 for routine support matters which will create issues for me and my employees at home. The phone will ring no matter how many times you tell people that it’s for emergencies only.
As it is I get the occasional wake-up call at 4:00 am for a logon or workstation issue by an inconsiderate employee who could care less that my wife and kids are sleeping.
So where do I strike a balance that meets the needs of users, IT staff, and security concerns? Anyone out there find a magic bullet that works for their organization? Has anyone had any issues with requiring people to be on call 24/7 for routine matters? Rotating on-call? Extra compensation? Outsourcing after-hours stuff?
TIA