Compliance in a work-from-home environment

By Robert Bond

Robert Bond (robert.bond@bristows.com) is Partner & Notary Public at Bristows LLP in London, UK.

The lockdown that was imposed during the COVID-19 pandemic has changed forever the way in which many of us work, and remote access to the office infrastructure and working from home may well be the new normal. However, in the first few weeks of lockdown, many of us were working from home in circumstances that were never anticipated by management—and also without the appropriate technical and organizational structures to manage the information and personal data that we were processing. Now we need to ensure that we manage our obligations regarding data protection, confidentiality, and information security if working from home and from the office have to sit side by side.

Regulatory compliance

Many regulated organizations in the financial and insurance sectors have had difficulty adjusting to working from home, as it makes it harder to supervise traders and staff, monitor for market abuse, and protect client confidentiality. Professions where transactions require identity and authentication to be face-to-face have struggled to adapt to “self-distancing” and also to comply with laws that were created in an age of paper, pen, and ink.

Technology may provide some of the solutions, such as remote monitoring of the use by staff of devices and communication channels, as well as electronic signatures and virtual meetings for documents and authorizations, but these require a reassessment of regulation, risk, and trust.

Information security

In the US, research suggests that successfully changing the culture or attitudes of staff is influenced by the behaviors and communications of senior management.[1] When leaders make cybersecurity a priority and firmly instill it in messages to employees, it sends a very strong signal to the team and also makes it a priority for staff.

The report says, “Here are three things executives can do today to build and reinforce a culture of cybersecurity in their organizations:

  1. Make cybersecurity a personal priority and ‘walk the talk’: Simple actions like making sure to not click on emails or open links without checking if they are real are examples of cybersecurity hygiene everyone needs to follow.”

  2. Bring cybersecurity into the light: It’s important for leaders to make cybersecurity a personal priority, but it’s also important to talk about it often with the organization. To establish a culture of cybersecurity for the whole organization, senior leaders must let everyone know that they are making cybersecurity a personal priority.”

  3. Give extra support to your digital colleagues: Meet with security and technology teams regularly to learn and participate in business impact discussions. Listen to their immediate concerns and needs and provide a way to increase support….Perhaps create cross-functional task forces to address these issues immediately so the business impact is minimized.”

In the UK, the National Cyber Security Centre (NCSC) has produced guidance[2] for businesses on how to prepare the organization and staff for working from home, including the use of two-factor authentication for login and the requirement for businesses to produce how-to guidance and webinars to help staff with issues of remote access and the use of conferencing and video services. The NCSC guidance also addresses the need to alert staff to email scams and social engineering as more access is made to online services across a number of devices.

From an information security and cybersecurity point of view, the increased use of social media and the internet give rise to risks surrounding social engineering, phishing, ransomware attacks, and the like; again, guidance needs to be given to staff around awareness of these issues.

Finally, the business needs to consider how it can improve physical and technical security at home for its staff as well as the management of confidential information, including, in particular, manual records and print. While in the office environment, there is usually a control around the disposal of paper and confidential documents, and while it may be harder to manage this within the home environment, the liability still remains.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings