Top 4 Tips for Healthcare IT Managers to Address Remote Worker Challenges

By Kari Lidstone, CIO Services and Pete Heinlein, Technical Services

Since the pandemic has forced many businesses, including provider practices, have had to adjust how their workforce is deployed. Many have transitioned to remote models with staff—both clinical and non-clinical—working from home or other out-of-office locations. This dramatic shift in IT processes doesn’t come without risk. In an ideal world, the change to remote working setups would involve well-thought-out policies and controls to protect patient, employee, and practice information. Instead, IT managers are working in real time to adapt best practices to uncontrolled networks and equipment.

While you can’t control everything, there are measures you can take and guidance you can provide for employees to help them set up and maintain their remote work stations with the best available safeguards. Here are 4 tips for IT managers, along with some helpful references. We’ve also included a link to our Remote Worker Tip Sheet that you can send to workers to help them more securely and safely connect home-based systems to corporate resources.

1. Organize and document your efforts

Documenting your efforts can be as simple as a spreadsheet that keeps track of which employees are working remotely, what equipment they’re using (home computer, employer computer, or other equipment), and key specifications such as operating system and applications, including versions. That information can help you if issues arise that need your support and will help you track equipment once employees eventually return to the office.

2. Accept that you can’t control workers’ home networks

The lack of control over workers’ home networks is a big—and valid—concern. It’s also one of the toughest to address. Even if you could require how security for their personal network is set up, given the wide range of ISPs, routers, firewalls, and software platforms, the time and effort involved to do so is beyond what most IT managers could accomplish even in normal circumstances. At minimum, ask workers to review their Internet router and Wi-Fi settings and send you a screenshot of how they’re set up so you can add that to your spreadsheet. If remote workers don’t know how to access their settings, ask them to try using their ISP’s online support pages or contact them for help. Two helpful resources you can offer:

• https://routersecurity.org/ includes step-by-step instructions
• https://www.cisecurity.org/white-papers/cis-controls-telework-and-small-office-network-security-guide/ offers many tips and additional resources

If a remote worker absolutely needs to access sensitive data and you have no other way to secure their network, a corporate or private VPN can provide a secure tunnel for Internet access. There are many cost-effective options to choose from, and they’re relatively easy for remote workers to set up.

3. Help remote workers use company computers if at all possible

Clearly it’s not ideal to have employees use a home computer for work, especially if that computer is shared with other family members. If you can safely get company computers to remote workers, that gives you the most control over the situation. At the very least, you’ll know that security patches and anti-virus/anti-malware software are installed and up-to-date, that the basic applications the worker needs to access are already installed, and that RDS access and security protocols are set up. If you can’t get work computers to high-priority employees, consider buying equipment and having it shipped to them.

It’s also important to give employees policies for the use of work equipment. For instance, a work computer should never be used by other members of the household or for non-work activities.

• See our sample use policy to help create your own policy for appropriate use of company equipment

4. Help employees make their home computer as secure as possible

Sometimes the least-favorable situation is what you’re left with to help employees stay productive during this time. This is where your spreadsheet can be helpful as you work with remote employees to make sure their home computer is as secure as possible.

At the very least, you’ll want to help them:

• Ensure that their OS is up-to-date and set up to install regular security patches. Note: Windows 7 is no longer supported by Microsoft, so no security patches are being released, which leaves these systems far more vulnerable to malicious actions as well as viruses/malware. If the computer hardware is still relatively new, consider whether the company can pay for an OS upgrade.
• Set up individual user profiles to keep work data and applications completely separate and protected from other users in the household.
• Set up two-factor authentication wherever possible
• Install and activate anti-virus/anti-malware software – see our Tip Sheet for more details and suggestions
• Add URL filtering such as that provided by Cisco OpenDNS that prevents users from browsing unsafe internet sites. The Home version is free and is simple to set up using the step-by-step directions on the web site. See Cisco OpenDNS: https://www.opendns.com/home-internet-security/

To learn more about managed IT services, drop us an email: info@medtechsolutions.com.