With ever-higher gas prices putting the squeeze on employee wallets, some Clareity Consulting clients are exploring creative ways to help employees, including having some of them telecommute at least part time. According to a popular telecommuting website¹, 40% of the U.S. workforce have jobs that could be performed at home, potentially saving 625 million barrels of oil annually – that's over 80% of our annual Persian Gulf oil imports! Telecommuting also has a positive environmental impact.

However, there are some telecommuting issues to consider and manage. Some employees can't work productively at home while others work too much and burn out. Sometimes employees who can't work remotely resent those who can, and telecommuting can have a negative impact on employees working as an effective team. Managers used to a high level of hands-on organization, communication, and productivity measurement may be frustrated unless compensating mechanisms are implemented. There may be additional IT and management costs for facilitating remote work, and there are also possible liability and workers compensation issues that must be evaluated by human resources staff².

Finally, consider that one of the most disastrous information security breaches in U.S. history – involving the personal information of 26.5 million veterans, occurred because an employee took sensitive data home and didn't take steps to properly protect it³. Ask yourself, "Does my organization have appropriate information security policies and practices to address the risks of telecommuting?" The following questions need to be answered via a strong information security policy:

• What information can be taken from the office to a home office or to other locations?
• Are the computers being used at home properly secured? What are processes for ensuring:
  • Operating System security hardening
  • Platform and software security
  • Anti-virus / Anti-malware practices
• Is only authorized, licensed software installed on telecommuters' computers?
• If the employees work with sensitive or confidential information:
  • How is sensitive information securely transferred between work environments, both electronically and physically?
  • Can employees provide physically secure home environments? Do they have a media safe? Is there a process for proper disposal of both physical and electronic sensitive data at telecommuters' location?
  • How is sensitive information encrypted ‘at rest'?
  • Are employee computers on a separate firewall segment from the remote network, and is network traffic strictly controlled?
• If wireless access is used, are routers securely configured and use constrained to WPA encryption?
• If allowing additional remote network access, consider your VPN:
  • Is the VPN ready for increased load?
  • Is the VPN property encrypted?
  • Are individual accounts set up with appropriate privileges?
  • Does the VPN require a strong password be entered at every connection – or even use two-factor authentication?
  • Do the accounts time out after a short period of inactivity?
  • Is split tunneling disallowed?
  • Are banners displayed regarding monitoring?
  • Is there auditing of remote access?
  • Do users know not to engage in risky computer activity while connected via your VPN?
• Does the policy cover what to do if there is an information security incident involving company data in the remote work location?
• Are there appropriate and secure methods of backup and disaster recovery for remote locations?
• Are telecommuters regularly trained on security requirements for remote locations?
• Is there a process for monitoring and enforcing policy security compliance over time?
• Have managers and telecommuters signed off on all of those policies and procedures reflecting the questions above?

Telecommuting is a very exciting opportunity that allows employees to save on ever-more-expensive gas costs and to protect our environment. It's not the right thing to do for every organization, and it won't be possible for every job to be done remotely. Some Clareity Consulting clients are considering alternatives such as allowing some employees to work four days a week and ten hours each day and organizing carpools. However, if management takes the aforementioned steps to ensure employees are properly managed and to protect the organization against legal and information security risks, telecommuting can be a worthwhile endeavor that merits consideration.

About the author: Matt Cohen is Clareity Consulting's Chief Technologist. Matt has spoken at many conferences, workshops and leadership retreats internationally, and is a well-regarded real estate industry expert on real estate software, product and project management, risk management and information security.

Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses. Clareity has successfully executed a vast array of projects, including:

• Request for Proposals (RFP) for MLS, public records, and transaction management systems
• Regionalization and data share facilitation
• Strategic planning
• Contract negotiation
• Executive Recruiting and Placement
• Information security and business continuity assessments
• Project planning and management
• Software and system design and review
• Mergers, acquisitions and strategic alliances
• Market research including surveys and focus groups
• New product marketing and business plans

For more information, visit http://www.CallClareity.com

¹ http://undress4success.com/
² http://www.businessweek.com/smallbiz/0003/sb000320.htm
³ http://www.securityfocus.com/news/11393