Please ensure Javascript is enabled for purposes of website accessibility
Home / VA Business Law Bulletin / Data security is next frontier as more employers embrace remote work

Data security is next frontier as more employers embrace remote work

Remote worker using Zoom

Two and a half years out from the wide-spread arrival of the COVID-19 pandemic in the United States, working from home has become much more of a choice for workers and jobseekers, rather than an emergency measure.

According to the Pew Research Center, as of February 2022, 59% of American workers whose jobs could be performed at home were continuing to work from home. That number had peaked at 71% in October 2020 but was still up substantially from 23% who say they worked remotely frequently before the coronavirus outbreak.

“Working from home is something that continues to expand,” said Lorisa D. LaRocca, partner and chairperson of the labor and employment department at Woods, Oviatt, Gilman. “I don’t see remote work tapering off, certainly not with my own clients. More and more people in the workforce are saying flexibility and the ability to work remotely is a pre-requisite for them.”

With remote work here to stay in many industries, here is what employers need to be doing to address productivity and data privacy concerns they may have that go along with this terrain.

Skepticism of work from home has changed

Luke P. Wright, a partner with Harter, Secrest & Emery, admits he was a bit skeptical about how remote work for the masses would go.

“One of the fears about at-home work pre-pandemic was that most employees would not be productive,” Wright said. “This largely turned out to be wrong and the skepticism of work from home has been pushed back broadly.”

Statistics back Wright up. A study by Stanford researchers of 16,000 at-home workers over 9 months showed that working from home increased productivity by 13% when compared to company data from previous years. The increase in productivity was attributed in part to a quieter and more convenient working environment.

Additionally, Stanford researchers found employee attrition decreased by 50 percent among the telecommuters and that telecommuters had fewer sick days and took shorter breaks and less time off than their non-telecommuter counterparts.

Still, many employers want their own real-time data on the productivity of their remote workers. That data-seeking varies greatly from employer to employer, from fairly minimal monitoring, like a supervisor checking in randomly with a call or email, to more moderate, like requiring employees to return emails in a certain amount of time. There are also companies that use more intense measures, like a high-tech system that randomly takes photos of their employees sitting (or not sitting) in front of their computers.

“Some employers are not interested in monitoring the minute-by-minute activities of their employees and take a more organic approach,” LaRocca said. “Others say, ‘I trust my employees, but I still want to be able to check in on them from time to time,’ and others use more extreme methods of monitoring.”

Time to look at data protection

“When work from home first became a thing most employers were focused on productivity,” said F. Paul Greene, a partner with Harter, Secrest & Emery and chair of the firm’s privacy and data security practice group. “Now it’s time to look at data protection. The data of others is what companies should worry about.”

Protecting data is a major concern for employers with a remote workforce, and rightfully so. When employees are not working from a centralized location there is a dispersion of data and devices that must be regulated — something as seemingly innocuous as using a company laptop on an unsecured Wi-Fi network at the coffee shop by your house can have disastrous consequences.

The 2019 State of Cybersecurity for Remote Work study from OpenVPN revealed that 90% of IT professionals surveyed believe remote workers pose a security risk for their employers and more than half said remote employees are a greater security risk than onsite employees. Still, 92% of these IT professionals believe that the benefits of remote work outweigh the risks.

“Privacy and protecting information is not merely a best practice anymore, it’s mandatory,” said Paul F. Keneally, a partner at Underberg & Kessler who specializes in labor and employment. “It’s really important companies spend the time and the money to make sure their systems are private and that the home worker’s devices are as equally protected as if they were at their desk.”

Some of the things Keneally recommends to his clients are multi-factor authentication for devices, a password management system like 1Password, and cyber insurance for those worst-case scenarios.

“I think the ship has sailed on whether or not you need cyber insurance,” Keneally said. “You need it. Every business needs it. It’s just part of the cost of doing business in 2022.”

Greene recommends that all companies ensure their work-from-home policies address data protection and are harmonized with their other data protection policies.

When work from home increased during the pandemic many companies’ policies around remote work looked more at logistical and productivity issues, Greene explained, like time expectations and monitoring practices. Now it’s critical that companies re-visit their work-from-home policies to make sure the data protection piece is not only included but robust.