HR Home Forums Community Work from home – does the employer have to provide equipment?

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • Conner Lantz
    Post count: 4836

    If an employer is shifting to a work from home program, does the employer have to provide those employees with the equipment (wifi, laptop)? We are a not-for-profit with tight budgets. Only half our staff have work laptops and work cellphones. Our IT department has provided staff with instructions on how to log in to the network remotely and are asking employees (who don’t have organization assigned equipment) to use their own personal computers and devices when working from home. when employee asked if we will be paying for part of their cell phone and Internet bill. This was not something we were planning to do. What issues do we need to be mindful of?

    Conner Lantz
    Post count: 4836

    Your Q inspired me to write the following article, which will soon be posted to the site. Sorry I didn’t do it a week sooner.
    Like so many employers, you may be scrambling to set up a virtual private network (VPN) or other system enabling your employees to work from home during the coronavirus (COVID-19) crisis. Here’s a quick look at the 4 data and cybersecurity risks you need to incorporate into your planning.
    1. Remote Access Risks
    The first thing your system needs to do is provide employees remote access. If COVID-19 caught you off guard and without a pandemic plan in place, you may feel pressured into implementing “band aid” solutions that enable remote access by compromising security, like use of remote desktop protocol over the internet. Bottom Line: While you can compromise a little on remote access security, require access through a VPN and provide for multi-factor authentication.
    2. Confidential Data Leakage Risks
    Take steps to keep all data classified as non-public on your organization’s systems, which may include:

    • Giving employees computers and other hardware to take home or via secure remote access technology;
    • Letting employees use their own laptops or hardware in accordance with the rules set out in a bring your own device (BYOD) policy [click here to find out how to create a BYOD policy]; and hyperlink to related article uploaded separately
    • Implementing strict policies on printing confidential business documents or holding confidential business conversations at home.

    3. Credential Risks
    As part of your COVID-19 response, you may need to issue new credentials to new classes workers. In addition to providing clear instructions and policies for password use, you can use multi-factor authentication to reduce credential handling risks. You should also consider reminding employees about phishing risks in the event that, as some have suggested, the widespread creation of telecommuting systems increases vulnerabilities and increases in phishing attacks.
    4. Incident Response Risks
    Chances are that dispersion of employees and absences of key personnel will test your incident response plan. Key questions to consider:

    • Which IT staff member is responsible for coming to the work site if necessary for incident response?
    • How soon can that person get to the site?
    • Who will stand in if the designated staffer has COVID-19 or is otherwise unavailable?
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.