CREATING A SAFE AND PRODUCTIVE "WORK AT HOME" ENVIRONMENT. Understanding The Risk Profile: Procedures, People, & Privacy.
Yvette Connor: Managing Director with Alvarez & Marsal Risk Management Advisory Services in Denver, with more than 20 years of experience building, quantifying and testing operational, financial, hazard and reputational risk frameworks.
Advancements in technology, specifically in the area of telecommunications, cloud storage, and virtual meeting applications, have created a platform whereby employees and/or contractors of a firm can perform their duties without having to commute to the firm’s physical location.
However, proponents of different management philosophies still debate whether the pros outweigh the cons.
This debate recently made headlines when Marissa Mayer, the young and progressive CEO of Yahoo Inc., ended the firm’s “work from home” policy without any public explanation as to why. In the spring of 2013, she made a public statement saying that “It's not what's right for Yahoo right now,” but added that “It (the policy) was wrongly perceived as an industry narrative.” [1]
As the debate continues over the benefits and drawbacks of telecommuting, many are focusing only on productivity and ignoring the change that occurs to a firm’s risk profile once a telecommuting policy is in place.
For management of a firm to adequately theorize the net result of implementing a telecommuting policy, all of the risk factors must be identified and quantified.
This requires the expertise of a highly skilled risk management team, capable of taking an organizational theory and quantifying the operational risks.
[1] Tkaczyk, Christopher: Marissa Mayer breaks her silence on Yahoo's telecommuting policy. CNN Money, April 19, 2013. http://tech.fortune.cnn.com/2013/04/19/marissa-mayer-telecommuting/
Telework: A new frontier of risk management
APPLICABLE INSURANCE COVERAGE
The Sun reported on Wednesday that the laptop, which was lost along with 19 others three weeks ago, contained the unencrypted health details of over 8.63 million people and records of 18 million hospital visits, operations and procedures. It was taken from a storeroom of London Health Programs, a medical research organization based within the NHS North Central London health authority.
If the data has been breached, the implications could be serious, according to the ICO. "[The NHS] holds millions of [bits of] data on millions of people. They're probably the body that hold the most sensitive data in the UK, they have millions and millions of records being accessed every day," a spokeswoman for the ICO told ZDNet UK.
Written policies should be created outlining specific protocols for the conditions of the employee’s work area. These protocols should include, but not be limited to:
The employee’s working space must be a clean, well-lit environment, free from any potentially hazardous personal belongings not pertinent to their job description
The work-space must contain adequate power outlets and surge protectors to safely power all hardware required to perform the employee's duties
Require the employee to submit photographic evidence that their work-space meets the required protocols
Any employee working from home should be required to sign that they have read the safety protocols, and that worker’s compensation benefits only apply to injuries that occur in the course of their job duties
Although impossible to eliminate completely, the likelihood of a material loss resulting from adopting a telecommuting policy can be dramatically reduced by applying risk management best practices.
Protecting Human Capital
Policies typically include:
1st Party coverage for notification costs associated with release of personally identifiable information (sub-limits may apply).
3rd Party coverage for suits alleging invasion of privacy (lower frequency, higher severity)
As additional claims result from devices utilized outside corporate firewalls, additional underwriting questions will ensue.
Written policies should be created now to guide IT and employees in the following areas:
An intranet time-log system should be created and monitored on an ongoing basis for signs of fraud and abuse
All telecommuting employees should be provided with company-issued hardware and security software to ensure uniformity across applications. If employees will utilize non-company-issued devices, security software should be specified and/or provided
Require that all work product be stored in, and all work be performed through, a cloud computing portal such as Citrix, to monitor data movement and application access
Provide clear instructions on steps to take if a device is lost, hacked or otherwise compromised.
E & O policies currently provide broad definitions, with no commonly used exclusions for risks associated with work from home or use of personal devices.
Reputation and Security