REMOTE WORKING – CRISIS OR OPPORTUNITY?
Like many employees across the world right now, I am enjoying the time saved by working from home. In the mornings I don’t need to iron my shirts and in the evenings I miss the hour sitting in peak traffic. Of course I miss the daily personal interaction of normal life but for now, online meetings will have to do (provided I don’t erroneously log on with a cat filter or some other zany background).
In fact, according to a study published in the Harvard Business Review, remote workers have reported an overall increase in productivity as they are able to prioritise urgent work over unnecessary meetings, take responsibility for their own schedules and spend additional time interacting with clients or sales leads. Some notable companies which have introduced long term remote working policies include Mastercard, Twitter, Dimension Data and Shoprite.
However, with a distributed workforce comes increased legal jeopardy. As many businesses were forced to go virtual overnight, 11 months later, they are still adapting their policies and workflow processes to the new normal. There are three general areas which must be addressed to ensure a workforce can enjoy the benefits of remote working without exposing the company to considerable risk.
Companies which allow their employees to work from home should implement robust cybersecurity controls within their organisation. Some of these controls could include simple steps such as creating a password mandate which forces employees to use strong passwords which are updated regularly and the installation of security software which protects against viruses, malware, ransomware and crypto miners.
Other controls are more complex but equally necessary, such as enforcing the use of a virtual private network which encrypts network traffic before an employee can access a shared server and conducting online training workshops for staff so they are aware of the threats posed by cybercriminals.
During February 2021, international game developer CD Projekt Red was infiltrated in a coordinated ransomware attack during which the malevolent actors gained access to game source code, private emails, accounting information and encrypted the company’s servers before leaving their note. The group responsible for the attack demanded the payment of a ransom in excess of a million dollars. Although the company was able to regain access to its servers via backups, its refusal to pay the ransom could yield disastrous results if its private data and intellectual property is leaked online.
While it is unclear how the hackers breached CD Projekt Red’s network, employees can compromise their company’s system in numerous ways, such as responding to a dodgy phishing email, using a public, unsecured Wi-Fi connection or using a company device to download torrents.
EMPLOYMENT LAW AND PRODUCTIVITY CONCERNS
During business hours, employees are contractually bound to perform their assigned duties and (provided their instructions are reasonable and lawful) act in a manner which advances the interests of the employer generally. While the vast majority of employees are honest and execute their tasks faithfully while working from home, inevitably there are a small number of people who will use the situation to their benefit.
Employees could be dedicating their work hours to catching up on series or sleep rather than their overdue admin. This fear has led to some organisations installing employee monitoring software (otherwise known as “Bossware”) on their employee’s devices. This software ranges in its scope but can report data such as the webpages the employee visited, the keystrokes they logged and how long a cursor remains idle. This type of software is a relatively new phenomenon and it remains to be seen whether it constitutes an unjustifiable infringement on an employee’s right to privacy.
Another concern employers need to grapple with in the remote working landscape is the prospect of “moonlighting”. It is conceivable that some employees are using the lack of physical oversight to perform freelance or outsourced work. Provided this is agreed with an employer beforehand, it is not a problem but where this additional work is performed secretively and during the hours an employee is meant to be working for their employer, this could constitute a breach of the employment contract.
The deadline for compliance with the Protection of Personal Information Act is 1 July 2021. This means that businesses only have a short window of time remaining to ensure that personal data (belonging to clients, suppliers or employees) flows through their organisation in a manner permitted by the law.
Where employees are working remotely, it will be the responsibility of the Information Officer to ensure that the company has taken reasonable organisational and technical measures to protect personal information from exposure or destruction.
This will be a challenge for all businesses as employees need to be educated on their responsibilities and new procedures before the deadline. These responsibilities could involve demonstrations on how to dispose of hard copies of client information, ensuring no files are stored on a laptop’s hard drive or limiting access permissions to only certain personnel.
Remote working is here to stay. Companies wishing to take professional advice on how best to manage the new normal should reach out to us on www.rhattorneys.co.za
BY JARRYD PILLAY