With the continued effects of COVID-19 on our country’s workforce, many employers are still allowing employees to work from home. If your company is sending home people with company equipment, the International Association of IT Asset Managers (IAITAM) has this advice:
- Sign out and track all IT assets before employees can leave the building with them.If you allow employees to take home IT assets, they should be formally signing them out.
- If you haven’t already, put a reliable firewall and password protections in place to prevent unauthorized access to company systems. Of course, you will also need the ability to handle the increased demand for remote access from home.
- Ask employees to sign a non-disclosure agreement (NDA) that applies specifically to the data they can access outside the office.Company data may be considerably more valuable than the equipment where it is stored. You need to protect the company’s information, and you also need to help employees understand that the NDA they signed is a serious responsibility.
- Provide education and training to employees about how to responsibly manage their equipment and the company’s data.Teach employees that they are not to allow a spouse or a child to use company IT assets such as a smartphone or computer. They also should not use company IT assets on public Wi-Fi networks offered by other businesses.
- Monitor employee data use and other remote practices. Employers generally want to assume every employee can be trusted, but that isn’t always the case. Insiders, not hackers, cause most data breaches, and it is probably easier for information to be stolen at home than at work.
- Tighten up the reins on bring-your-own-device (BYOD) practices. The reality is that the longer someone is out of the office, the more likely it is that they will do company business on their smartphone, computer, tablet or other BYOD asset. For example, employees may receive work emails on a personal smartphone. Employee contracts or company policy forms can have language in them to give data rights to the organization. Another approach is to have the IT asset manager write an addendum giving data rights to the organization. That way, the employee may own the device, but the work-related data is 100% owned by the company.
You may need to create forms for your employees so they can work from home successfully without exposing you to risk as the employer and business owner. Please call our office if you would like help drafting the necessary forms.