Since the very beginning of the COVID-19 pandemic, companies have had to adapt quickly to their new reality to maintain their operations and their sustainability. For some, the introduction of teleworking was one of the approaches that had to be implemented or improved at top speed, which generated a new way of operating. Thus, the ways of operating that were in place prior to the pandemic may no longer be adapted to the reality of a teleworking workforce.
Risks in Telework
Teleworking requires some governance to reduce your company’s exposure to additional vulnerabilities. There are many types of risks that could be discussed and detailed in this article, but we’ll limit ourselves to a few, with the goal of raising your awareness.
- A fire caused by the employer’s computer. A fire caused by an employee’s laptop can be a risk and an uncertainty for your organization. For example, if it is the company’s computer and there is extensive damage to the building or a total loss, the damage costs could quickly exceed $1 million. The first instinct would be to think that the employee’s home insurance would cover this loss. However, this may not be the case. In fact, the company’s general insurance would probably be involved in the claim, which is why it is important to verify that the organization is protected for this type of risk before implementing teleworking. Depending on the case, to benefit from these protections, it may be necessary to include a statement in the company’s insurance policy that it has specific places of business (fixed addresses) and also multiple sites with its teleworking employees.
- An introduction by breach and information security. No one is safe from a home theft. If such an event occurs, it is highly likely that the company’s computer will be stolen. As a result, everything on it in terms of data could also be stolen. This information can be a gold mine for criminals and its leakage could cause significant damage not only to your company, but also to all those concerned by this data. It is therefore important to put in place strict rules, controls, IT security systems and technological solutions to protect company data accessible from a teleworking site.
- Cyberattack and unauthorized access. When teleworking, sometimes the level of attention decreases, as does the vigilance to potential cyber threats. It is necessary to periodically educate employees on how to properly respond to these threats, for example, by having them participate in training sessions, testing their knowledge, or conducting phishing campaigns to evaluate them. In all cases, performance reports should identify gaps so that they can be addressed quickly. The company shawl also have a technological infrastructure that includes all computer security mechanisms to prevent intrusions or contamination by a remote computer. Conversely, the employer must also be aware that its own systems could contaminate the personal computers of teleworking employees. Employees must also be aware of this risk and be informed in advance of the rules governing repair or replacement costs (who will pay or assume the losses).
- Call Management. Avoid forwarding office calls or phone lines to a teleworking employee’s personal home line. This approach is risky and can tarnish a company’s image and, in some cases, violate privacy rights. For example, suppliers or customers could have access to employees’ personal phone numbers and ultimately find out where they live and bother them on site with other occupants. Immediate family members could answer a business call, and in the case of children who do so, provide personal information without the knowledge of the teleworking employee. Also, an occupant of the residence could be listening in on discussions from another device. Finally, some employees have office phone lines that are recorded. A transfer to a personal home line or the installation of an on-site recording device could collect all calls from the occupants, even without their knowledge. However, this approach is being used less and less these days.
- Workspace design. A management framework must also address this aspect to ensure security. Recommendations are necessary, for instance, in terms of comfort to limit the risk of injury to the employee, to limit access to paper documents and to avoid setting up the workspace with the back to a window or a door from which information would be visible on the screen without the employee’s knowledge, for the storage of the computer at the end of the day, etc. The design of the workspace at home must therefore consider ergonomics and confidentiality of information as important risk factors.
- Lack of awareness of insurance coverage. About insurance, it is as much the responsibility of the employer as the employee to be aware of the coverage included in their insurance policies. It is important to remember that certain types of risks are not covered by insurers, hence the importance of checking before making a claim.
- Telework planning. To avoid misunderstandings, companies must set out the guidelines for this work method. For example, specify the working hours or availability of employees, breaks, the required elements in terms of facilities available at home (location to work, router, speed of the Internet connection, cell phone, security system/antitheft, accessibility in case deliveries are made, etc.). The other aspect is the reimbursement of expenses incurred by the employee to meet the employer’s requirements. For example, if the work cannot be done without a high-speed Internet connection and the employee has to change his package, or if he has to buy a router, a 2nd computer screen or receive all calls on his private cell phone, etc., who will pay for the incurred and recurring costs?
In short, if one of these situations materializes within a company, it is always better to be prepared and to have mitigation measures in place to minimize the consequences.
Did all this information appeal to you and would you like to know more? Benoit Racette Consulting Services Inc. can assist you by conducting a risk analysis. Contact us, we can help you: [email protected].