The productivity benefits of telecommuting have been supported by numerous studies. The latest was conducted by Stanford University professor Nicholas Bloom and graduate student James Liang, who is also a cofounder of the Chinese travel website Ctrip.

During the nine-month study, Ctrip call center employees who volunteered to participate were randomly assigned either to work from home or in the office for nine months. Those who worked from home produced a 13% performance increase and handled 4% more calls per minute than their office bound colleges. Home workers also reported that they were much happier with their jobs and proved significantly less likely to quit. Plus, Ctrip estimated that it saved $1,900 per telecommuting employee for the nine months that the study was conducted.

Given these sorts of numbers, it’s likely that more progressive companies will either institute or expand their telecommuting projects in 2016. Providing access to internal systems and databases to telecommuters – as well as traveling employees and global team members – while still protecting data has long been a challenge for IT. It’s hard to open the front door while locking down the contents of the house.

Here’s what you need to know to help ensure that your remote workers are practicing safe computing.

Basic Best Practices

These are the tried and true methods that we all know will go a long way to keep data safe: manage permissions correctly to ensure no one sees what they shouldn’t, set access restrictions (who can access how much data and from where), monitor all activity to spot unusual patterns, and run connections through a VPN to protect data in transit.

Virtual Machines

If you have many workers who need remote access, consider creating virtual machines to more effectively restrict access to specific data and protect the rest of the network. This is a great solution for a group project involving a global team as well. At the end of the project, simply destroy the machine. You can do the same if malware is discovered in the virtual machine. But do set policies on the creation, use, and nuking of virtual machines, or you’re likely to end up with a virtual ecosystem that is unmapped and out of control.

Search and Destroy

Remote workers who access your network resources on mobile devices should be briefed on a plan of action to follow if the device is lost or stolen. Depending on the workers’ access to sensitive data, this plan would include activation of tracking apps or an ability to remotely wipe the content. Document the process and have the worker read and sign it as a condition of their contract/work agreement. Be clear that the worker has every expectation to uphold privacy in all circumstances with the exception of a lost/stolen device.

The obvious other option is whole disk encryption of mobile device drives, with strong password protection.

In the Cloud

Cloud services also need careful control. Use an enterprise solution (a significant number of businesses have opted for a consumer-level cloud which simply does not provide the level of security necessary for corporate data) and tell employees that files cannot be saved in consumer cloud or file-sharing services such as Google Drive, Dropbox, or Microsoft OneDrive.

Lock Down Their Machines

Telecommuters who do not come into the office should be provided with complete instructions on securing their home computers (including mobile devices) and a process should be developed that enables them to demonstrate compliance. The same goes for anyone who uses their own devices to catch up on work from home.

Security Training

Identity theft and unauthorized charges on credit/debit cards are the first things that come to mind when we think about the effects of data breaches. But stolen information can be used for phishing attacks and social engineering. Train all employees, especially telecommuters who may not personally know their colleagues, about these security issues. Develop a process for securing access information that takes the onus out of saying “no” to requests for login/password and other sensitive information.