6 Ways to Stop the Loss of IT Assets to Remote Workers

Some remote workers work full-time outside of company walls. Others telecommute when traveling on business or when stuck at home because of illness or adverse weather. Further, distributed teams, comprised of remote workers working together, is becoming the norm, according to WeWork. Unfortunately, a lot of the employer’s IT assets get permanently lost to remote workers who have moved on to a new role or team, up to a higher job position, or out of the company.

SolarWinds’ Matt Cox

“As businesses become increasingly digitally driven, their number of IT assets grows, which makes keeping track of hardware and software difficult — especially with the rise in remote workers who are spread out across the globe,” said Matt Cox, senior director, technical operations, ITSM at SolarWinds.

For whatever reasons, 70% of people globally work remotely at least once a week, according to a study by IWG. Companies routinely provide IT and telecom assets to remote workers to facilitate the work and control security measures. Employers also replace hardware and software in regularly scheduled upgrade cycles, or to replace damaged or lost items. This can lead to a pileup of IT assets in remote workers’ possession where IT can easily forget they exist once they are no longer supported or tallied as “in service.”

“If an employee never comes into the office, it’s harder to ensure their software maintains the correct licensing. When they leave the company, making sure they return their equipment can be a daunting task. But equipping workers with the right tech tools is important to attracting and retaining top talent and keeping them productive, so distributing IT assets is unavoidable,” Cox added.

Security providers are often called upon to aid with managing and maintaining these assets. That work typically starts with an IT audit, but that’s only part of the action that should be taken. We consulted with several professionals to see what they recommend be added to a remote asset-management plan. Here are the tips they offered.

Desired Outcomes’ Omer Kaan Aslim

1. Remember that asset retrieval has multiple components and plan accordingly. “These include: implementing equipment tracking software; documenting equipment assigned to employees; requiring employees to accept and sign an equipment agreement that includes a list of received equipment that must be returned upon termination; and informing employees that the cost of any equipment that is not returned by a given date will be deducted from their final paycheck,” said Omer Kaan Aslim, president of Desired Outcomes. “Organizations should inform terminated employees that shipping costs associated with equipment returns will be reimbursed.”

2. Consider adding VDI to your BYOD plan. “Virtual Desktop Infrastructure (VDI) allows all of the user data to be securely stored and controlled in corporate environments, offering the end user a workstation like an experience along with corporate resources anywhere in the world,” explained Ian McClarty, president & CEO of PhoenixNAP Global IT Services.

“Companies are moving toward a BYOD mindset where the employee is able to provide their own devices – laptops, cell phones, and tablets – on top of VDI technologies. Employees are usually given a yearly stipend to source their own equipment and maintenance plans,” McClarty added. “The burden of making sure the equipment is operational is on the employee but the tradeoff is choice and being able to upgrade equipment past the standard if the employee wants to pay the delta. In this model equipment is not returned, if there is an early parting of ways, a prorated stipend is taken from the last paycheck.”

3. Make a plan to proactively manage data and app access. “Employees can access business apps hosted in the cloud from any device, on or off of the corporate network. IT departments can minimize post-termination access by …

… limiting how employees interact with the software while employed. Defining access levels in the beginning will make it easier to remove access permissions when an employee leaves the company,” said Heather Paunet, vice president of product management at Untangle.

Untangle’s Heather Paunet

4. Trust but verify, and then keep verifying. “Employees who pass initial vetting and background checks may now or in the future face any number of situations that entice them to break that trust: pressure through intimidation; being passed over for promotion; extortion or blackmail; offers of large amounts of money; or simply a change in personal conditions. Organizations reliant on existing mechanisms to ensure the trustworthiness of employees and contracted parties with access to sensitive information will find those mechanisms insufficient,” said Steve Durbin, managing director of the London-based Information Security Forum.

5. Consolidate and automate. “Consolidating all IT assets under one system provides a visual of the life cycle of the technology infrastructure, making it easier to track software license and hardware device regardless of location. Companies can better identify where there is overlap or new technology needed because there is a clear record of each item,” said Cox. “Complying with software licenses becomes more complicated when IT assets are dispersed because it’s harder to manage warranties and refresh cycles. Automating risk detection can help monitor if the correct licenses are in use and active for all software. This helps cut down on remote workers using unlicensed software on their work devices.”

6. Integrate asset management and IT service management. “The Center for Internet Security (CIS) lists inventory and control of hardware and software assets as the top two recommended basic controls. Automated, centralized IT asset management can fulfill these recommendations. By integrating asset management and IT service management, IT has the foundation it needs to secure data and prevent a breach while managing the entire life cycle of an asset, from onboarding through reclamation,” said Ian Aitchison, senior product director, ITSM at Ivanti.