Posts

If You Have Remote Workers, Then

If you have remote workers, then how you manage your business and employees has, and will continue to change. We often talk about the technology that makes remote work efficient and that can help integrate teams. But supporting remote workers requires a broader perspective and understanding of the workplace.  As employers, we remain responsible for providing a safe, effective workplace regardless of where our employees work. Here a few considerations as you plan your hybrid and remote work strategy.

If you have remote workers, then you …

  • Are responsible for their work environments, including the same health and safety regulations that apply in the office.
    • Ensuring safe and appropriate workspace ergonomics, sound levels, lighting, etc. are responsibilities of the employer.
    • Provide your remote workforce with appropriate furniture, lighting, and ergonomic tools.
    • And yes, an employee working from home might be eligible for Workers’ Compensation if they trip over their dog while working.
  • Need to accurately track and manage working hours for non-exempt employees.
    • Avoid wage and employment related liabilities by ensuring hourly workers are compensated for all work time, including when they respond to the random off-hours email.
    • Setting clear policies and expectations can help avoid work hour, wage, and employment issues.
  • Are responsible for ensuring their work is secure.
    • Remote work environments must be managed and secured to the same levels as those working in the office.
    • Data privacy regulations, such as HIPAA, PCI, and SEC17, do not end at the office door.
    • Networks, systems, applications, and data require the same levels of protection regardless of location.
    • Similarly, physical protections must be in place for printed documents.
  • Can be accountable for intellectual property stored on personal devices.
    • Establish a clear policy and procedures for the use of personal devices for work.
    • Include the need for the company to install software or tools to manage the business’ information on the device, including but not limited to cyber protections, personal/work data separation, local encryption, backup/recovery, and the ability to remotely remove work related data in an emergency.
  • Want to avoid “in-person” bias.
    • Remote workers need mechanisms to participate in the informal conversations and interactions we take for granted when working in an office environment.
    • Supervisors and managers should help workers establish and build effective relationships, including those that offer mentorship and guidance, with direct co-workers and others in your firm.
    • Measures of performance should, explicitly, avoid the implicit bias that in-person visibility correlates to better involvement and teamwork.
  • Should understand the tax implications for your business, and employees related to working remote.
    • Having employees in other tax jurisdictions can make proper payroll tax withholding and filing more complex.
    • States may or may not have reciprocal agreements and some states are imposing new rules.
    • Remote workers may create nexus in some jurisdictions, triggering sales tax and other tax obligations.
    • Work with your attorney and financial advisors to understand your requirements and to ensure compliance.

Your Next Steps

Cloud technologies help facilitate remote work and hybrid work environments. You can deploy systems, apps, and tools to make remote and hybrid work efficient and secure. Remote and hybrid work models, however, span every aspect of your business.  Policies, procedures, operations, and culture all require attention, planning, and support.

Work with your legal and financial advisors, and your HR resources, to ensure  your remote/hybrid plans will benefit your business.

Third Party Apps: The Overlooked Data Risk

Privacy Button
It is easy to overlook. You see a cool app and install it on your phone. You see the prompt asking you for permissions. It is not clear what the app wants to access or why, but you want the app. You click “Grant” or “Allow” and away you go. Some third party now has access to your contacts, you schedule, and maybe even your files. 
Whether mobile apps, browser extensions, or freemium apps, your user community is installing apps and tools and granting access to your data. And while most apps are harmless and well-behaved, one rogue app can be a disaster.

Not all Apps are Trustworthy

Not every app, and not every app provider, is trustworthy.  And since most apps need access to some of your data in order to function, permissions should not be granted without some forethought. Preventing individual users from installing apps and granting permissions, however, is nearly impossible. Most small and midsize organizations have neither the money or resources to micromanage browsers and mobile devices — especially in our BYOD world.

There is a better way

Fortunately, for those of us running Google Apps and other cloud services, we have affordable solutions for monitoring and managing third party app access to your data.

Our Recommendation

If you are running Google Apps, we generally recommend BetterCloud Enterprise as our preferred solution for several reasons:

  • The Domain Health and Insight Center provides you with activity reports, alerts, and advanced reporting
  • Bettercloud includes a robust suite of Google Apps admin tools that are not available in the Google Apps Admin Console, including bulk actions, dynamic groups, and a user deprovisioning wizard
  • BetterCloud monitors and lets you manage third party app access to any data within Google Apps, and provides a trust rating to help you determine which applications pose a risk
  • BetterCloud monitors activity in Drive against business rules to ensure compliance with data privacy policies and regulations. BetterCloud will proactively modify permissions and send alerts to prevent accidental or intentional violations.

Our Offer

While there is a minimum fee for BetterCloud Enterprise, you can try BetterCloud for free for up to 30 days.  If you like what you see, we will waive the setup fees.  If not, you can keep running the Domain Health and Insight Center for free.

 

Best Practices: Policies for Using File Sync-and-Share Services

File sync share
One of the most popular cloud applications for small and mid-size enterprises is file sync-and-share. It makes sense: people need to share files and most file sync-and-share services are easy to install and use.

If not properly managed, however, file sync-and-sharing can result in data breaches and loss, and can place your company in legal jeopardy.

To minimize these risks, we recommend all businesses enact a simple set of policies that are easy to communicate and explain … and easy to follow.

  • Employees may use file sync-and-share services, provided they have an business need to do so, use only company approved and managed services, and adhere to company policies.
  • Only company approved services should be used for file storage and sharing; employees may not use free, consumer, or public apps or services.
  • Employees must keep their usernames and passwords for file sync-and-share services secure, and must manage these passwords in accordance with company policies.
  • Only relevant business information may be stored are shared using the company’s file sync-and-share services.
  • Unless otherwise instructed, file sync-and-share services are intended for temporary sharing of files. Original versions of files should reside on company file servers or services.
  • Access to files should be removed, particularly by external parties, when no longer necessary.
  • Copyrighted, private, or secure information should only be shared if both the sender and recipient are authorized to view and/or use the information. This information should be encrypted by the file sync-and-share service, or a separate tool, before it is shared.
  • The company’s file sync-and-share services are subject central administration and management, including access controls and permissions.
  • Use of the company’s file sync-and-share services is subject to all relevant company policies regarding professional and personal conduct. The company’s file sync-and-share services are subject to company monitoring in accordance with company policies.

With these policies in place, you can provide employees with vetted file sync-and-share services both meet employees’ needs to share and collaborate, while protecting your data, your regulatory compliance, and your business.

Our First eBook: 7 Policies for Every Company Using Drive

Cover.7 Policies for Every Company Using Drive
We are please to announce the launch of our new eBook series with the publication of 7 Policies for Every Company Using Drive. Based on one of our most popular 3T@3 Webcasts, this eBook discusses information privacy and security issues and policies that should be in place to protect your customers, your information, and your business.

Our new eBook series is part of our growing suite of resources intended to help educate and inform on topics related to Cloud Computing for Small and Mid-Size Businesses.

Click here to access the eBook.