It’s often only once you’ve been involved in remote work for a while that you start to question the risks of remote working.
Cyber security risks of remote working are some of the most commonly discussed risks. But there are several others that we explore below that are not always as obvious, and therefore often overlooked. These include risks associated with breaking labour laws, mental health risks associated with stress and isolation, and the risk of not having a safe workspace.
Not only do companies hiring remote staff need to fully assess the risks and possible liability of having remote employees, but remote workers also need to consider their risks when working from home or virtually.
As there are more remote employees around the world nowadays, many companies have started conducting regular risk assessments to ensure that they can minimize or eliminate risks. Oftentimes these best practices form part of those company’s remote working policies.
Remote workers are also finding solutions that protect them from risks. For example, when it comes to healthcare, digital nomads often find themselves in perilous situations if they don’t have sufficient medical cover when travelling to different countries. That’s where companies like SafetyWing (which offer specialised health insurance plans for remote teams) can be an effective solution to minimise that type of risk.
The top 6 risks of remote working
Below are 6 of the top security risks of remote working. There are many measures that companies can implement to help them keep protected against mounting security risks.
Labour law breaches
For companies that hire remote staff, there are a range of different laws that may apply. That means that companies need to be aware of which laws are binding on them, and what they need to do to comply with those laws. Labour and tax laws are some of the most applicable to hiring remote workers.
For example, you may need to check that you’re complying with minimum wage laws in the countries or states from which you’re hiring staff. Keeping accurate records of how many hours staff work, what salaries they are paid and what taxes are deducted becomes vital to remaining compliant.
And even when it comes to fun social events that take place online like a virtual book club or drinks evening, there can be legal liability risks for companies. Different countries have different laws when it comes to remote work – but the onus may be on the company to ensure that, for example, harassment or defamation does not occur during online social events.
It is therefore increasingly important that employers have a remote work policy and communicate this to all staff, with training where necessary, and regular reminders about expectations.
Workplace injury and compensation
When employees are located in an office, the employer is usually responsible for ensuring workplace safety for all staff and taking the necessary steps to comply with health and safety regulations and protocols.
But when staff are working remotely, it’s easy to assume that they are now responsible for workplace risks and safety. However, that may not be the case. Depending on the law in the country where the worker is based, as well as any laws that apply on the basis of the employment contract, an employee who is injured at home while working, may actually be able to claim workplace compensation.
That means that employers may need to take reasonable steps to ensure that all remote staff have safe work environments, and to do regular audits or virtual inspections.
In many jurisdictions, employers are legally mandated to provide employees who may be differently abled, to have access to the right ergonomic equipment. That includes ergonomic computers, workstations and chairs. Employers who don’t may be liable for claims arising out of injuries or discomfort as a result of non-ergonomic workstations.
Many employers are already starting to provide stipends for remote staff to purchase the office furniture that they need to work from home. There should be guidance from employers on how to ensure ergonomic suitability when buying such items.
Burnout, stress, isolation and mental health
Having a healthy work-life balance is critical to staying healthy, maintaining performance and efficiency and avoiding mental health issues associated with remote work. But remote employees can be at risk of burnout, stress and feeling isolated due to a lack of work-life balance, lack of exercise and wellness opportunities, and lack of communication and engagement.
It’s important that remote work managers communicate regularly with remote staff about the need to maintain a healthy work-life balance, and ensure that they are not over-prescribing tasks by having regular check-in meetings. Managers can also encourage staff to take regular breaks, and to set time limits to their daily tasks.
It can also be a good idea to offer wellness benefits that help employees to avoid or cope with stress, such as access to wellness apps, or gym memberships.
One of the most common concerns among remote staff is a feeling of isolation. That means that it’s important for managers to arrange regular check-ins with staff and to also encourage communication between employees and a sense of community. This can in turn help to build a positive work culture. There are also many fun social activities that companies can organise to bring staff to gather, such as virtual team-building events, or even virtual coffee breaks.
Access to Healthcare
Many companies that employ staff working in offices, provide local healthcare plans as part of the staff benefits packages. But when staff are remote and often living around the world, that can be tricky to organise. That often results in remote companies not providing healthcare to their remote workers, which means that staff may not have access to adequate healthcare.
Even though it may seem impossible to think of procuring healthcare plans for staff in different countries, there are some solutions that provide this as a single service, offering healthcare insurance plans designed for remote teams.
There are an increasing number of cyber security risks of remote working. Some of the biggest risks and vulnerabilities are associated with the following:
Lack of email security training
Many companies have software and IT security departments that monitor and protect against email risks such as DDoS attacks. But, in addition, it’s important to train employees on the most common email security threats and how to avoid them to minimise risks.
Companies that transition from being office based to remote, often have to deal with old technologies that weren’t designed for virtual work. These can open up companies to possible cybersecurity threats.
That’s why many companies now are taking a ‘zero-trust’ approach to network security whereby you treat all new remote access requests as possible threats and therefore verify them before granting access.
Some companies have strict IT policies around which devices can be used to access their networks. This helps them to minimise vulnerabilities to malware and other risks. But other companies require employees to use their own devices for work, which makes it more important to beef up your cybersecurity defences and use a zero-trust approach to network security.
Lack of software updates
When software isn’t updated, computers and electronic devices may not have the latest security patches and protection against cyber attacks and malware. That’s why it’s imperative that companies check that all staff are running the latest software on all their connected devices including routers, laptops and phones.
Lack of privacy in video meetings
When remote employees communicate with each other and clients or partners, their communication is typically via video meetings or data calls. These can be intercepted and listened to by others if the proper security measures are not taken to safeguard against privacy infringements.
And companies often need to store the recordings of these meetings, and need to ensure the correct data security and management procedures are followed to protect individual and company privacy rights.
Lack of restrictions to access sensitive data
It’s important that companies that are remote, have control over who has access to sensitive data. Otherwise that can open up companies to the risk of breaching privacy rights.
Luckily there are many tools that can be used to restrict access to certain files or documents, and having a policy about how to handle, store and maintain data is a critical first step in this process.
Lack of offboarding policies and checks
When employees resign or are fired from their positions, it’s important to have a clearly thought-out offboarding policy and process that ensures that company data integrity is maintained. It’s also important that access rights are terminated, and that passwords are changed. This not only protects the company, but the employee too.
No data encryption policies
When employees send data across networks, it’s often assumed that this will be encrypted. But that’s not always the case, and it’s important to have a data-sharing policy to avoid sensitive data being leaked that could put the company or staff at risk of a lawsuit.
No monitoring of Software-As-A-Service
There are a plethora of IT tools like Slack, Trello, Hootsuite and Zoom that employees use to conduct their remote work job roles. It’s important for companies to prescribe and monitor which Software-As-A-Service (SaaS) applications employees are using to check that they are updated, compliant, and the optimal tools for ensuring productivity and effective work.
Final thoughts on managing risks of remote working
The last few years have been witness to a large-scale transition to remote work. Many companies have had to rapidly transition to managing remote and hybrid employees. And part of this transition has left companies vulnerable to a variety of risks including labour law compliance risks, workplace compensation risks and cybersecurity risks.
Luckily there are many policies, procedures and technologies companies can use to mitigate and avoid these vulnerabilities and protect themselves and their employees against such risks. Taking a proactive and strategic approach to managing risks is the best way for companies to stay resilient and protected.