Telecommuting has evolved from an occasional employee perk to a mainstream business strategy. Is it right for your company? What are the risks and how do you manage them?
More than 12 million people worked outside their offices at least once a month in 2008, an increase of 39 percent in two years, according to the WorldatWork Institute. Not surprisingly, technology companies led the way. A 2006 survey of Cisco Systems employees found that their average employee telecommuted two days a week.
Originally, many managers were skeptical about telecommuting. They worried about losing control of workers who would be slacking off at home. However, with the confluence of high-speed broadband, portable devices and increased gas prices, telecommuting has taken off.
Companies like Cisco have formal telecommuting programs, but many other companies have ad hoc arrangements that expand over time, as managers see the advantages. Today, there are three compelling reasons for telecommuting:
1. Save money. Telecommuting lowers real estate and other employee-related costs.
2. Increase efficiency. Studies show that a significant portion of the time saved from commuting is used for work.
3. Increase employee morale and retention. Telecommuting employees are generally more satisfied with their work and feel less stressed.
Telecommuting makes more sense for companies in which many employees are engaged in “heads down” activities such as computer programming, legal research or graphic design that require relatively little interaction with others.
The Security Risks
Employees working remotely generally have access to company information via a company laptop or their own personal computer.
A 2007 study by Ernst & Young and the Center for Democracy and Technology found that more than 80 percent of respondents allowed telecommuters to work at home with proprietary or confidential information. Those workers share some of the same security risks as employees who travel:
- Physical loss of information or a laptop.
- Access to data by unauthorized people.
- Communication through non-secure channels.
Home workers pose additional security risks if they:
- Store proprietary information on unprotected computers.
- Print confidential information without proper disposal.
- Allow family members to use the company’s computer.
- Allow others to use critical passwords.
What to Do
If you have employees who telecommute – even just occasionally – you need to have a written telecommuting policy that addresses the specific needs of your company and the specific activities employees do at home. You need to:
- Establish whether employees can handle private or proprietary data remotely.
- Establish security credentials and access controls for remote workers, based on their specific needs for access to confidential information.
- Discourage printing at home, but establish guidelines for disposal.
- Prohibit employees from using personal computers unless security features have been installed.
- Prohibit employees from storing company information on their home computers.
- Prohibit employees from transferring data through USB flash drives, unless encrypted.
- Use encryption, such as a virtual private network (VPN), for all devises that connect to the company’s network, including wireless devices and home computers.
- Use hard token authentication for server and database access.
- Prohibit downloading unauthorized software on company computers.
- Provide email encryption if workers use home computers for work.
- Monitor telecommuters’ email and access to the Internet and company databases.
Insurance Concerns
The good news is that having workers telecommute does not generally require buying any additional insurance coverage or limits.
It is easy to imagine insurance risks for employees working at home – an employee falls down her stairs and has a workers’ comp injury, or she drives to the post office and has a car accident. Those scenarios are rare and are generally covered by existing policies.
Regardless of whether your employees are working at home, you may want to look at your coverage limits for computer hardware and consider optional endorsements that add coverage for:
- Loss of software, programming and data caused by viruses
- Loss of income due to damaged hardware or software caused by viruses
- Loss of income due to viral attacks that overload computers and prevent normal business traffic
- Electronic fraud – reimbursement for money stolen through the computer.
If you are thinking about making telecommuting an important component of your business strategy, give us a call so we can discuss risk management and your current coverages.