Rethink Your Remote Work Policies and Procedures
At this point, your agency must have some sort of remote work program, given the impact of the pandemic. However, that doesn’t mean it couldn’t improve, especially if policies haven’t changed since the Telework Enhancement Act of 2010. Now that agencies are shifting from the mindset of temporary adjustments to that of permanent remote work, policies and procedures related to offsite operations must be established.
When updating policies to accommodate permanent remote work, it’s vital that agencies clearly define what their agency worksites, alternative worksites and official worksites are. After all, remote work is an alternative work arrangement that involves an employee performing their official duties at an approved alternative worksite away from an agency worksite.
The terms are defined by OPM as follows:
- Agency worksite: An official federal agency location where work activities are based, generally considered a centralized location of an employee’s assigned organization
- Alternative worksite: Generally considered an employee’s approved telework site
- Official worksite: The agency worksite for most employees, including teleworkers. For a remote worker, the official worksite is the alternative worksite to which the agency and the employee agreed, such as the employee’s residence.
To avoid claims of favoritism or unfair or inequitable practices, OPM recommends establishing policies that clarify the criteria by which remote work arrangements will be evaluated and approved. This is vital because approving a remote worksite may affect pay, travel reimbursement and unemployment compensation.
REVIEW: The latest CISA guidance on supply chain security for customers.
How Agencies Can Ensure Secure Offsite Operations for Remote Staff
With the additional vulnerabilities that come with remote work, agencies must be prescriptive in their offsite security procedures for employees. Remote work policies should outline any special guidelines that remote workers must follow regarding security and confidentiality of information.
Remote security should include guidance on information systems and technology, along with
aspects of the information systems used by the employee, including paper files, other media, storage devices and telecommunications equipment.
How Agency Networks Should Evolve to Support Environments
Moving to permanent remote work in some capacity requires a long-term commitment to work collaboration tools, such as Teams and Slack. It also requires investment in the latest cybersecurity best practices (such as zero trust) and in infrastructure that allows remote workers to perform as effectively as their on-premises counterparts.
Even a couple of years into remote work, some reports show that organizations remain too careless when managing technology that enables hybrid or remote workplaces. The same report found investments in technology and the introduction of new software solutions and communication channels were hindered by inadequate IT management, unclear responsibilities and too little security training. Remote work calls for new security solutions, and zero trust and DevSecOps are both viable methodologies to handle evolving threats.