In light of concerns about the spread of the new coronavirus, many businesses are permitting employees who can work remotely to do so.
Although this measure is appropriate in order to mitigate health and safety concerns, there are several steps that any companies that are considering permitting remote work to consider and to undertake as appropriate.
Issue Company-Wide Memo
First and foremost, companies that are permitting employees to work remotely should send a company-wide memo documenting that the current circumstance that has called for remote work (i.e., the coronavirus) is unique.
The memo should also address other aspects of the impact of the virus on the workplace, such as whether and how employees should determine if they or members of their household have the virus, eliminate nonessential travel if possible, how remote employees should behave (estimated work hours, responsiveness, expectations to be available, etc.), a beginning and an end date for the remote work (such as “for 60 days and to be reassessed at that point”), and any other areas where management may believe the company will be affected by remote work and concerns about the coronavirus.
Assess Communications Tools
Companies that have never permitted remote work before may take for granted the amount of communication, whether verbal and/or nonverbal, that happens when employees work remotely.
To maintain as close to the same degree of connectivity as possible, companies should be aware of and assess their communication tools, including, but not limited to, their internal messaging systems, emails, call forwarding, text messages, cell phone numbers (which not all employees may be aware of or have access to), and any other communication systems, to be able to reach all employees as necessary.
Conduct Disaster Drills
Companies should conduct disaster drills and advise employees on what to do if the office is closed, whether in part or altogether, as well as on the guidance being issued by the Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), and local health authorities.
How will the company communicate with all of its employees? And how will it maintain the minimum-necessary staffing levels? In this respect, a remote workforce is not merely an issue of maintaining in contact with everyone, but handling what could be a physically-diminished workforce. These questions are imperative and should be addressed.
Mandate Employees Track Their Time
Companies should also mandate that employees who are working remotely—exempt and non-exempt alike— keep track of their time, and document what they are doing while they are working from home or elsewhere outside the office.
In New York, Ohio, and other states, state legislatures are advancing paid sick leave bills that protect people who stay home from work because they are self-isolating or quarantined due to the coronavirus, so companies should be aware of these legal developments.
Create HR Emergency Response Policy
Human resources departments should document the company’s complete instructions in an emergency response policy, to make sure employees have a resource and a reference guide going forward as the situation develops.
Assess IT Capabilities and Responsibilities
Last but not least, IT departments will face many issues resulting from an increased remote workforce, as well as from the coronavirus as a whole. First, IT departments should figure out if their company’s system has the capacity to handle more remote employees, and to either limit remote employment or increase capacity.
Another issue for IT departments to address is increased malware attacks. As the coronavirus continues to spread, there may be new phishing attacks from purported health authorities, companies offering purported vaccines, fraudulent solicitations for charitable contributions, and the like. Therefore, companies should remind employees to protect their devices and technology, and to look out for and report any suspicious communications.
Remote employees’ home networks—and their connected devices—may also be vulnerable to malware or ransomware attacks through their wireless router. Employees may also be tempted to use their personal computers on unsecure public networks at libraries or cafes. Therefore, companies should recommend that their employees secure their home Wi-Fi networks with a password, and, when possible, employees should not access sensitive information on public networks.
Additionally, for companies that do not have a secure virtual private network, employees may attempt to connect to a company’s systems in an insecure manner, such as using remote desktop software to connect to their work computers. To the extent companies anticipate that remote employees will need to access information on a company’s network, such as a network-enabled personal drive to store documents, companies should configure VPNs for certain employees or for data that is critical for conducting business.
Remote employees who have web access to corporate email should also be enabled to use two-factor authentication to the web-accessible portal or any other web-accessible corporate network.
Because many employees are justifiably concerned for the health and safety of themselves and their families, it is understandable that a wide range of personal- and work-related concerns are on everyone’s minds. Still, with some deliberate planning, clear policies and open channels of communication, both to and between employees, companies can maintain the reliability of their operations while also keeping their employees safe.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Author Information
Daniel Messeloff is a partner at Tucker Ellis LLP and works with companies ranging from multinational corporations to start-ups and small businesses to address, manage, and resolve employment, labor, and other legal issues. He has been published in the New York Times, the Chicago Tribune, USA Today, the Washington Post, the Columbus Dispatch, the New York Law Journal, and other major publications.