Ask the ExpertCategory: QuestionsWork from home – does the employer have to provide equipment?
hri_Admin Staff asked 4 years ago

If an employer is shifting to a work from home program, does the employer have to provide those employees with the equipment (wifi, laptop)? We are a not-for-profit with tight budgets. Only half our staff have work laptops and work cellphones. Our IT department has provided staff with instructions on how to log in to the network remotely and are asking employees (who don’t have organization assigned equipment) to use their own personal computers and devices when working from home. when employee asked if we will be paying for part of their cell phone and Internet bill. This was not something we were planning to do. What issues do we need to be mindful of?

2 Answers
Glenn Demby Staff answered 4 years ago

Many employers have BYOD (bring your own device) policies requiring employees to use their own laptops, including backups. The downside, in addition to cost to employee, is integrating their devices into your own systems. Of course, there are also privacy and security issues involved.
Another option is to give employees a stipend to buy the devices they need. Of course, if you can’t afford that, it’s not going to do much good. The other option is to let the employees bring their office computer homes, assuming all employees have computers at work.
At end of the day, the equipment arrangements for remote work are a matter of business and budget rather than law, as long as all employees are treated fairly and consistently. In other words, there’s no law I know of that requires employers to pay for employees home-use laptops. Hope that helps. Apologize for delay. Glenn

Glenn Demby Staff answered 4 years ago

Your Q inspired me to write the following article, which will soon be posted to the site. Sorry I didn’t do it a week sooner.
Like so many employers, you may be scrambling to set up a virtual private network (VPN) or other system enabling your employees to work from home during the coronavirus (COVID-19) crisis. Here’s a quick look at the 4 data and cybersecurity risks you need to incorporate into your planning.
1. Remote Access Risks
The first thing your system needs to do is provide employees remote access. If COVID-19 caught you off guard and without a pandemic plan in place, you may feel pressured into implementing “band aid” solutions that enable remote access by compromising security, like use of remote desktop protocol over the internet. Bottom Line: While you can compromise a little on remote access security, require access through a VPN and provide for multi-factor authentication.
2. Confidential Data Leakage Risks
Take steps to keep all data classified as non-public on your organization’s systems, which may include:

  • Giving employees computers and other hardware to take home or via secure remote access technology;
  • Letting employees use their own laptops or hardware in accordance with the rules set out in a bring your own device (BYOD) policy [click here to find out how to create a BYOD policy]; and hyperlink to related article uploaded separately
  • Implementing strict policies on printing confidential business documents or holding confidential business conversations at home.

3. Credential Risks
As part of your COVID-19 response, you may need to issue new credentials to new classes workers. In addition to providing clear instructions and policies for password use, you can use multi-factor authentication to reduce credential handling risks. You should also consider reminding employees about phishing risks in the event that, as some have suggested, the widespread creation of telecommuting systems increases vulnerabilities and increases in phishing attacks.
4. Incident Response Risks
Chances are that dispersion of employees and absences of key personnel will test your incident response plan. Key questions to consider:

  • Which IT staff member is responsible for coming to the work site if necessary for incident response?
  • How soon can that person get to the site?
  • Who will stand in if the designated staffer has COVID-19 or is otherwise unavailable?