The events of the last month have led to you deciding to start hiring remote.
That’s great news (and we can help with that – check out our Virtual Hiring Fair), but I’m sure you have a lot of questions as you start to think through the process of getting your new employee up and running.
Here are ten questions that you should answer before you hire your first remote employee.
- How can we on-board new people and get them up and running?
- How do we manage a remote tech setup – how do we get our new employee access to the dev environment, tools, software, etc?
- Should we do Asset Tracking?
- What about company information on employee laptops?
- Should we use MDM (mobile device management) tools and/or endpoint protection?
- What about VDI or jumpboxes?
- How can we provide secure access to on-premise servers/data?
- And what about the cloud?
- How about a knowledge base/company wiki?
- What kind of company handbook should we have?
There is no “one-size fits all” approach here as the answers depend on the size of your company, the kind of network setup you have, whether you’re in the cloud or not, what kind of security posture you need to maintain, the nature of your intellectual property, and many other variables.
So, with that being said, here are some possible answers to these questions. Use these answers as a place to start and modify them to suit your particular situation.
On-boarding a new hire
At VanHack, we ensure that a new employee has access to all systems and all necessary accounts are created at least one day before the employee joins.
On the employees’ first day, they have a meeting with HR first thing in the morning (video conference), and that’s where our Head of HR shows them how to access the basics (email, calendar, Slack, Confluence, etc), and provides a presentation with embedded links to everything.
Then, throughout the day, the employee is expected to explore their new environment, and ask any questions on Slack.
Tech Setup
Beyond the basic setup, the next step is to get developers up and running.
In our case, our entire dev environment is based in the cloud (Azure), so we don’t have to worry about any on-premise data/access.
We have a granular process in place for only granting permissions that a new employee really needs to do their job, and we pair every new hire with an experienced employee for the first month.
Our staging and dev databases are completely purged of any real data, and are backed up on a daily basis, so a new hire can’t really do any damage even if they do make a mistake (and everyone makes mistakes).
Access to the production databases is extremely restricted.
It typically takes a new hire about a week to get comfortable with the tech stack. The buddy shows them where all the repos are, how we do CI/CD, any API integrations, etc.
Think about how your development process works and map it out in granular detail. This will enable you to quickly and easily on-board a remote employee (and usually helps everyone in the team as well.. it’s not uncommon to discover servers or services running that everyone had forgotten about)
Asset Tracking
Asset tracking is necessary if you are going to dispatch hardware to your new employees. You need to keep track of which laptop/dual-monitor setup was sent to whom.
This is not just to get stuff back when an employee moves on, but also for accounting. If you’re claiming depreciation on your assets (and you ought to be), you need to know where they are, when they were purchased, and a whole host of other details! Your CFO will tell you everything you need to know.
Asset Tracking can be a very complex subject, but if you’re just starting out, you can keep it simple with a spreadsheet that tracks things like the serial number of the equipment, purchase invoice number, employee ID, date sent, and so on.
You should also make sure your employment agreement explicitly mentions what will happen to any company equipment if an employee leaves the company. Do they get to keep it (some companies let you keep equipment after it’s been fully depreciated)? Or do they have to return it? Who pays for shipping (tip – you should be sending them a pre-paid shipping label. It’s not a good look to ask a former employee to pay to ship you back your equipment).
Company Information
If you don’t use any form of MDM/Domain-joined computers, you will need to ensure that company info is kept safe and private.
This starts by putting clauses about managing corporate information in your Corporate Code of Conduct that every employee is expected to read and acknowledge reading (you do have one, don’t you?)
There are technical solutions to protecting data, but remember that even the most locked down remote laptop won’t be able to stop people from taking pictures of the screen with their phone.
The better way to manage this is to enable access logging on sensitive information, along with alerts if people starts to dig through things they aren’t supposed to.
Add a good MDM/Domain Managment solution to this and it will keep the vast majority of data safe.
Do remember that most people are honest by default and simply need guidance around what’s acceptable and what’s not.
You cannot protect against true bad actors with any technical solution – that’s where the Code of Conduct and your corporate lawyers come in.
MDM and Endpoint Protection
MDM and Endpoint protection tools have gotten very sophisticated, so it’s worth exploring your options. If you’re on Windows PCs, Microsoft offers a very comprehensive suite of Active Directory + MDM Tools to keep your data safe across laptops and mobile devices. These can be complex to setup, though, so you may want to hire a third-party to do it right if you don’t have the in-house expertise.
Apple Macs can also be (somewhat) managed through Active Directory, and there are other tools like Jamf Pro that are designed for a Mac-only environment.
All of this depends on your security posture and perceived level of risk. The important thing is to make an informed decision rather than winging it. You may choose not to implement anything at all on the employee laptop, and instead focus on securing data on the servers, and that’s perfectly viable (that’s how we do it). Just make sure that you can justify the decision you made.
Access to on-premise data/servers (VDI/jumpboxes)
The easy answer here is to set up a VPN. However, there are other alternatives as well, some of which are easier than setting up (and managing) a VPN.
For example, you could consider setting up a few Remote Desktop systems that employees can log into from the Web, using something like Apache Guacamole. This eliminates the need to manage a VPN infrastructure and can be quite effective if you want to keep your internal data on the internal network but need to grant some access occasionally.
There are also full fledged VDI solutions out there if that’s what you need.
On the Cloud
Since we have everything on cloud-based services, we simply make everything available on the web – secured via authentication that is tied to our employee directory.
Employees can log in to every service that way, and if someone leaves, we revoke one account and they are immediately locked out of everything else.
Azure and AWS both provide robust Identity and Access Management solutions that you should explore.
You can also enable logging and monitoring that alerts you to patterns of suspicious behavior.
Knowledge Base / Company Wiki
It’s very important to capture institutional knowledge in a permanent fashion. This really isn’t just for remote-only or remote-first companies, but applies equally to all companies.
At VanHack, we use Atlassian’s Confluence to capture all our internal processes and knowledge. The wiki is open to all employees, and most have edit rights.
We don’t have a centralized system of controlling publishing, but every department manager is empowered to choose their own system. This loosely-centralized model works well for our size of company. Larger companies may need to dedicate a team to ensuring wiki quality.
Company Handbook
A good company handbook is very important for a remote-first company. The handbook needs to including everything – company culture, policies, rules.. and also links to every single tool that the company uses along with ways to get help when stuck.
Take the handbook you have, and go through it with fresh eyes. Can you honestly say that it contains everything you need to get productive? No omissions, nothing taken for granted? Is every tool mentioned? Do you have links to everything? Can you get help if you need to? Does the handbook tell you how?
This document needs to be kept updated as well. The company handbook is usually managed by HR, but you need to stress its importance to every single department head – otherwise, HR will be fighting a losing battle to keep it updated as your company implements new tools and processes. Everyone should be notifying HR when something changes or is newly added.
Conclusion
As we said up top, these answers are just a starting point to get you thinking about your company and your specific needs. What works for us may not work for you! We hope that this post is useful to you as you begin the exciting process of hiring your first remote employee.