Enabling employees to work from home (WFH)

Need assistance?Explore solutions

Businesses have long considered an impeccable remote work experience to be a key element of their contingency plans. Now, the ripple effects of COVID-19 are making remote work a necessity across all industries.

COVID-19 is transforming the way organizations work in the wake of a viral outbreak. Remote work is on the rise, and the traditional work environment may soon become a thing of the past. That said, the IT departments are tasked with provisioning and securing WFH endpoints to ensure an uninterrupted remote workforce.

This section covers the following topics surrounding how to enable employees to work from home

Creating a secure, productive work-from-home (WFH) environment

A WFH action plan for endpoint management and security

Monitor productivity while telecommuting

Ways to enhance the WFH experience

Creating a WFH environment

An IT administrator is tasked with orchestrating a WFH policy for their organization. Their first step is to ensure all the remote endpoints are managed, and that the IT department tends to all the endpoints used by employees for remote work.

If you’re asked to formulate a WFH plan for your organization, it’s beneficial to view all your WFH endpoints from a single console for easier management. A bird’s-eye view of the endpoints employees use while working from home empowers IT administrators to enforce better WFH policies to maintain business operations and employee productivity.

	LAN agents	Remote office agents	Roaming users
SGS already configured	There’d be no issues.	Configure them as roaming users.	There’d be no issues.
SGS newly configured	Download and execute ‘UpdateServerDetails’ script.	Download and execute ‘UpdateServerDetails’ script. Configure them as roaming users.	Download and execute ‘UpdateServerDetails’ script.

SGS - Secure Gateway Server

Refer to our document on the management and discovery of WFH endpoints for detailed steps.

Manage and discover WFH endpoints

A WFH action plan for endpoint management and security.

Even if an organization has the necessary WFH policies in place, there are a few challenges pertaining to managing and securing remote endpoints that may creep up over time. This is because enabling work from home for an entire organization in times like these can be arduous.

Here’s how an IT admin can use ManageEngine’s endpoint management and security suite of products to address these challenges:

Automate patch management for all remote endpoints
Distribute business-critical applications
Prevent installation of unwanted applications
Restrict the usage of USBs to combat data exfiltration
Handle BYOD scenarios with utmost security
Access to corporate resources
Broadcast announcements remotely
Manage disk space using preventive maintenance tools
Troubleshoot endpoints remotely
Facilitate employee onboarding
Enforce security configurations and ensure compliance
Lock down corporate endpoints completely

Not all vulnerabilities require immediate attention. Therefore, it is recommended to assess vulnerabilities based on their severity, age, patch availability, etc.
Remediate these vulnerabilities by creating and configuring an automated patch deployment (APD) task to scan the endpoints for missing patches and deploy the missing patches automatically.
Always remember to create new restore points before patching remote endpoints.

Tip: Help employees stay productive by notifying them before deploying a patch, and give them the flexibility to postpone the deployment and subsequent reboots. In addition, you can tailor the deployment policies to cater to each user’s environment.

Ensure that all endpoints have the recommended versions of business applications. Generate a custom report to view the versions of different applications present on remote endpoints.
Distribution of applications can be initiated either by an administrator or by the user. By publishing applications on the self-service portal, you can empower users to install or uninstall software at their disposal.
Automate the creation of a software package using over 5,000 templates, and deploy the package for silent installation.

Tip: To keep all your applications up-to-date, automate the update of software templates as and when the latest version is available. This way, you can stay on top of critical vulnerabilities.

Create a list of blacklisted applications that equate to a loss in productivity and cause compliance issues. Automatically uninstall these applications upon detection.
Ensure only enterprise-approved apps are present on all corporate-owned devices, and distribute and containerize corporate apps on personal devices.
Whitelist applications and permit only these applications to run on remote endpoints.
Block malicious executables, and enable file scan rules to identify the presence of unwanted files on remote endpoints.

Tip: Govern privileges to ensure that admin privileges aren't granted to too many users. Group all the applications that require admin privileges, and create a custom group to define users who can install these applications.

Create a configuration to block or unblock the usage of USBs. You can exclude a few devices either based on the device instance ID or the vendor.
Impose restrictions on file transfers based on the file size and type. Keep an eye on the data that is posted to or copied from external devices.

Tip: When required, grant temporary access to devices outside your network. Define a stipulated time frame during which the external devices can access corporate endpoints.

Segregate personal and corporate apps by containerizing corporate data, and encrypt this container to ensure corporate data security.
In case of loss or theft, enable Lost Mode to locate and remotely lock the device. You can also perform a complete or selective wipe remotely to ensure there is no data loss.
While trying to access a corporate endpoint using your laptop or desktop, you can blacken the monitor for security purposes, and leverage the two-way file transfer tool.

Tip: For efficient management of personal devices, group all personal devices and apply the corresponding policies and applications to this group. Every time a personal device is enrolled, add the device to this group and the associated policies will be deployed automatically.

Connect to your corporate endpoints securely and leverage a two-way file transfer tool to access corporate resources.
Add the required corporate resources such as documents to a central repository and distribute this content to WFH endpoints.
Automatically update the content on all the endpoints by uploading the modified version.

Tip: To secure the access of corporate resources, prevent users from sharing it with other devices or copying it to other apps.

While working remotely, communication is the key to keeping your business up and running. Communicating with end users is as important as any other clause of a WFH policy.
Broadcast announcements to end users, and create a configuration for a message box to appear on the end user’s screen.

Tip: Leverage built-in communication channels to initiate a text-based chat, voice, or video call with end users. This comes in handy when you want additional insights while troubleshooting remotely.

Utilize system tools such as Disk Defragmenter, Disk Cleanup, and Check Disk to steer clear of unnecessary files taking up too much disk space.
Run a file scan to identify the types of files present on endpoints, and remove unwanted files using our file folder configuration.

Tip: Configure email alerts to receive an alert every time the disk space falls below a specific threshold, or the available free space is less than the stipulated size. You can create a configuration to delete temporary files automatically.

Gain unattended remote access when a device is in kiosk mode or the end user is not tech-savvy enough for troubleshooting.
Collaborate with other technicians, and record the remote session for auditing and educational purposes.
Obtain the user’s stamp of approval every time before initiating a remote session to ensure user privacy.

Tip: You can shadow users during a remote session and take over the session when required. This comes in handy when an adept technician is expected to train other technicians. You can also disable end-user inputs for faster resolution.

Perform OS imaging and hardware-independent deployment across remote offices. Define a set of configurations to be deployed while onboarding, such as configuration of browsers, firewalls, printers, and Wi-Fi.
Schedule and update employees’ mobile devices’ operating system automatically.

Tip: Group the necessary configurations as collections, and deploy this collection as soon as a computer is added to Active Directory.

Deploy security configurations at several intricate layers, such as passwords, browsers, and access management.
Audit and detect non-compliant devices, and take measures to ensure compliance at all times.
Deploy configurations to prevent data leakage through browsers and web-based threats.

Tip: Schedule the generation of reports, and have these reports sent to your email address to get a bird's-eye view of your organization’s remote endpoints and users. This will help you in taking proactive measures, rather than reacting to the repercussions.

Lock down an endpoint to a specific set of corporate applications and prevent users from modifying device settings.
Whitelist trusted websites and renders them as a browser kiosk using Browser Lockdown, thereby restricting users’ access to the address bar and toolbar.
Implement a Zero Trust approach for the usage of external devices such as USBs. This approach will assess whether a device is trustworthy each time it requests access to an endpoint.

Tip: Enforce role-based access control to assign the appropriate rights to users depending on their role and the tasks they perform.

Monitor productivity while telecommuting

Generate user logon reports to monitor the logged-on users/computers, user logon history, users who frequently or rarely log on, and computers with frequent or rare logons.
Using the power management reports, you can view the detailed system uptime and downtime reports, which will display the start and shutdown times.
Meter the usage of applications to monitor the time spent on each one and keep an eye on the use of unwanted applications.
Monitor each user's web activity to get insights on the websites visited and scrutinize their browser history.

Tip: Restrict access to websites that are not related to work. Besides optimizing productivity, you can mitigate insider threats by restricting access to potentially malicious sites.

Ways to enhance the WFH experience

Create custom groups for the detected WFH endpoints. This makes it much easier to target the right remote endpoints when you have to perform tasks on them.
Subscribe to receive alerts for every important event that’s logged so nothing goes under your radar.
Schedule and generate reports automatically to perform periodic audits and promptly detect anomalies.
Apply a filter based on your custom columns, and export this view for analysis so you can further enhance your organization’s WFH policies.