Deborah O'Riordan, Practice Leader in Risk Solutions at QBE, discusses the questions all organisations must be asking to ensure business resilience continues as they transition to remote working.
System Access & Resilience
How well do your remote access and work-critical systems function if a significant percentage of your workforce (potentially 100%) are logging in remotely?
Think about access to servers generally, and to all the work-critical systems necessary to function effectively. If you do not know the answer to this, it is important to find out now.
You need to take into account whether people can access relevant systems from their own devices if necessary. Will that option provide them with access to all necessary systems for their role? Certain functions, such as HR and Accounts, and some limited-license software may require specialist access rights. Identify these requirements early and consider workarounds to ensure continuity of service.
Secure Access & Working Practices
Do you have a policy on secure remote working, which addresses (amongst other things) security controls if using users’ own IT equipment?
Working outside of the office environment means fewer controls on how and where people work. It is critical that you have a comprehensive and clear policy on remote working. We recommend that all staff are issued with summary guidelines highlighting the key messages and requirements - as this is much easier to reference than several detailed policies, and therefore more likely to be followed.
Are all your employees working on Windows 10 (or up-to-date Apple) computers, with current anti-virus software and all the latest patches installed?
How will your cyber and other crime prevention measures hold up?
Email traffic is likely to increase in extended remote working circumstances and this could be used to mask phishing attempts, spoof emails and other forms of social engineering. Now would be a good time to remind your employees of key policies, what to look out for, and the need to be vigilant.
Practicalities to think about include:
- How will your payment fraud prevention measures operate in a remote-working situation?
- For those subject to client due diligence requirements, how will Know Your Client checks be conducted?
- If the former is reliant on a small core of people, and/or licenses for electronic checks are restricted, can others be trained, and licenses reallocated to allow for staff shortages?
- Who are the alternates if the usual escalation personnel are not available?
Have arrangements been put in place to ensure that there are regular update/review meetings between team leaders and their staff, whether or not those staff are physically present in the office?
Frequent, regular and structured catch-ups will need to be agreed for each individual, based on the type of work, level of experience, remote monitoring capability, etc. There is no ‘one size fits all’ and arrangements should always be risk-based. Day-to-day authority levels, sign-offs, and reviews needed should be made very clear.
What central management reports can you run, and how valuable an insight do they provide for supervision?
Operating centralized electronic work and document management systems allows both remote review and service continuity should a staff member become ill - providing such records are kept up to date. Management reports from these and other systems should enable risk behaviours and factors to be identified remotely.
What support and communications will everyone need?
Isolated working, working under non-routine and sub-optimal arrangements, and attempting to cover for absences will lead to anxiety and stress for some people. Buddy arrangements, regular updates, and a regular check-in regime, both individually and in teams using a team-talk facility like Skype or MS Teams, can help reassure people, make them feel more in touch and allow them to offload concerns.
We see many claims even during normal working times where distractions are a contributory factor - working at home during holidays, working remotely whilst travelling etc. The level of distraction looks set to increase dramatically considering the likelihood of having children and/or sick relatives at home for extended periods and the challenges that could bring to what might normally be a quiet place to focus. Be aware of this heightened risk - double check and check again, or better still operate a tighter review protocol on work considered to be at higher risk.