How to monitor remote employees during the quarantine?

Let’s consider some examples of reconfiguring corporate network and endpoints for monitoring remote employees.

Quarantine 1

We consider that corporate laptops and mobile workstations will be taken out of the corporate network. We can suggest the following options:

1. Configure VPN-server in the corporate network and enable remote access for employees so they could connect to their workstations from their home PCs through Windows remote desktops (mstsc.exe).

Quarantine 2

2. Temporarily provide employees with corporate laptops or mobile workstations for remote work. Configure port forwarding from external white IP address of the corporate network to StaffCop Server. It requires reconfiguring of the corporate router and of the StaffCop endpoint agent.

3. Provide VPN connection of remote employees to the corporate network and configure working desktop of employees on the corporate terminal server. This will require a StaffCop agent installed on the terminal server.

3. Provide VPN connection of remote employees to the corporate network and configure working desktop of employees on the corporate terminal server. This will require a StaffCop agent installed on the terminal server.

Let’s define what actions are required for the system to work correctly and you could monitor remote employees.

Let’s define what actions are required for the system to work correctly and you could monitor remote employees.

1. The network administrator should install and configure a VPN-server, preferably with authentication by domain name or password. If this kind of authentication can’t be configured, then the VPN-server should be configured with new user accounts. To make the process more secure we recommend allowing connection only from a defined range of IP addresses to exclude the possibility of connections through public networks that lacks proper security.

2. Enable the “remote desktop” option in Windows or Linux for all remote employees.

3. Write a guide on how to connect to Windows remote desktop. Or use the ready guide. At this step a system administrator should make a list of correlations for PC names to IP addresses. It’s recommended to enable the filter of incoming IP addresses for RDP connection so an employee could connect only to his corporate workstation.

4. Configure a VPN-connection to the corporate network on all the workstations that will connect to the corporate VPN-server, the best way here is to follow a guide or use some ready solutions allowing to create an installer of VPN-clients in “a single click”.

5. Check the configured network scheme and make sure that the data collected from remote employees are displayed in StaffCop.

Some issues may occur when implementing any of these schemes but in general they can be carried out in short terms by your IT department.

Temporarily provide users with corporate laptops or mobile workstations for remote work.

Possible solution: configure port-forwarding from external white IP address of the company to StaffCop Server. This requires reconfiguring of the corporate router and StaffCop Endpoint agent.

Quarantine 3

1. The network administrator should open port 443 or any preferred port for StaffCop Server situated within the corporate network.

2. In the configurations of StaffCop agents specify the white IP address of the corporate router.

3. Check the configured working scheme and make sure that the data collected from remote agents is viewed in StaffCop Enterprise

Be secured!