With the outbreak of COVID-19, people are locked up in their houses to curb the disease from spreading. To run the treadmill in the market, businesses have encouraged remote working for their employees. Work from home practice has many benefits for the company as well as employees – saving commute time and conveyance cost of employees, real estate cost of employers, saving fuel charges, better productivity because of work-life balance and flexibility of work. With these benefits, there are a few challenges too like unstable internet connectivity and risks of the data breach, client poaching, team poaching etc.

Risk of Data Breach in WFH atmosphere.

The primary agenda of an organisation is security control, and this is deprived in the WFH environment. Though most organisations have catered for VPN, CASB etc. for secure connectivity of end-points with the servers/applications in premise or on cloud, the absence of perimeter security in WFH environment increases the possibility of a data breach very significantly. It becomes essential for companies to hire cyber law consultants to protect their valuable data by establishing preventive techno-legal WFH practices.

According to a survey, 47% of employees take away data before leaving their enterprise. And WFH can shoot up with this percentage as it will be easier now to pass sensitive information for financial gains.

What is the solution?

Preventive techno-legal practices and controls for WFH are highly advisable to reduce the risks mentioned above.

• Detailed techno-legal WFH policies

  Companies should consider creating a policy that offers clear expectations for employee conduct. This shall protect companies’ properties and confidential information, as a part of cyber security law. It is significant for employees to understand their legal and technological considerations for employers reviewing their WFH practices.

  Companies should make policies to ensure employees follow them like the ones mentioned below:

  • Ownership, privacy and acceptable use expectations should be clear for the devices as well as data stored in them.

  • Employees should be equipped with the tools or devices they use to maintain their work responsibilities.

  • Clarity about technology-related purchases and expenses that are eligible for reimbursement.

  • Companies should plan expense reimbursement policies to ensure they adequately address the various costs that may arise from a WFH situation, including internet, technological infrastructure, mobile phone bills, etc.

  • Employers should design confidentiality and privacy policies to determine the following:

    • Password and encryption requirements on devices.

    • Manual or electronic copying of materials.

    • Processes for the disposal or destruction of company records and information.

• Techno-Legal Agreements:

  Employers should revise techno-legal agreements like WFH Legal Declarations, Social Media Legal Policy, NDA (Non-disclosure agreement), NPA (Non-poaching agreement) and other agreements which cover WFH provisions. The agreement is a contract between the employers and employees to abide by the WFH norms formulated by the company. This agreement specifies working hours, to be available for office phone calls and messages, tracking of work, etc.

• WFH declaration:

  A declaration is a formal announcement by employers for their WFH practice. This declaration has a summary of all the policies or WFH norms that employees should abide by.

• Terms & Conditions:

  After signing the ‘I agree – T&C’, the employees agree with the pointers listed down by the companies. It is a pact which employees promise to abide by and fail to do so then the company can take the required actions against the employees. This is also mentioned in the agreement.

• Induction of WFH risks, cyber security and cyber laws

  Researchers found two malware risks in early March. Coronavirus-related attacks are on the rise according to studies which found 4,000 coronavirus-related domains of which 3% were sources of malicious attacks and another 5% were considered “suspicious”.

  • Employers should educate employees to the threats from phishing attacks, malware, viruses, etc. They should have the knowledge of cyber security law.

  • Use VPNs when economically feasible and use cloud-based home office solutions.

  • Enforce security methods, policies and procedures to conduct security policies and geo-specific data privacy requirements. Additionally, to keep the policies updated based on developments.

• Techno-Legal Exit Formalities

  Depending on the situation that has caused an arrangement to end, the supervisor may consult with the local HR representative for guidance. When a flexible work from home arrangement ends, the supervisor must notify the HR representative. All the things mentioned in the WFH policy should be abided like returning equipment immediately to the department provided to an employee for the purposes of remote work.  Additional steps may need to be taken, depending upon the situation and departmental requirements. The costs as mentioned by the employer should be cleared with the employee when they resume working.

  During the COVID-19 pandemic, it is essential for people to maintain social distancing. This is the reason why companies adopted the temporary WFH regime for the safety of their clients and employees. Cyber Law Consultants can ensure that your confidential data is under protection and breaching the data would be investigated and analysed.

  Cyber laws & Information Security Consultants can provide help with dealing with the solutions for your cybersecurity and cyber law needs during work-from-home practice in COVID-19. CLS is a reliable and preferred organisation in cyber law advisory, cyber law compliance audit, cybercrime consultancy, cybersecurity services, cyber forensics services, cyber training, cyber security companies in India that could lend a helping hand. Contact us to know more!