• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Conventus Law

Conventus Law

Conventus Law

  • About Us
  • Channels
    • Jurisdiction Channel
    • Practice Area Channel
    • Industry Channel
    • Business Of Law
    • Law Firms
    • Special Reports
  • Video
  • Events
  • Explore
  • Search
  • Membership
  • Conventus Doc
x
Search

More results...

Generic filters
Home » Special Report » Assessing And Addressing WFH Risks.

Assessing And Addressing WFH Risks.

March 29, 2022

March 29, 2022 by

Companies must develop risk assessment and containment strategies that reflect the new working-from-home (WFH) dynamic. Companies which have adopted WFH strategies to preserve efficiency and productivity in the face of the coronavirus (COVID-19) pandemic now need to carefully review their risks profiles. 

WFH has become commonplace across the business world, with companies moving quickly to adapt to social quarantine measures and stay-at-home orders. Global Workplace Analytics has forecast that around 30% of the global workforce is expected to work remotely by the end of this year, . 

One of the most profound discoveries has been that rather than lost productivity, employee output has either remained the same or, in many cases, increased – although the productivity rate does vary between different industry sectors. But with concerns around sustaining productivity outside of the office largely somewhat allayed, now is the time for managers to begin focusing on the various risks and challenges posed by remote / flexible working. 

Employees working from home – where distractions and temptations are more numerous, the threat of cyber attacks is higher and the sense of professionalism and adherence to corporate policies, procedures and protocols is lower – all invariably present a greater risk to their employer companies. 

Kevin Bowers, founding partner at Hong Kong-based bowers.law, told Conventus Law that companies needed to start weighing-up the broad spectrum of risks posed by a remote workforce. 

Phishing trip 

“Employees are much more likely to fall prey to phishing attacks when working from home. This boils down to their removal from a professional environment, where procedures and protocols can be more easily implemented, applied and reinforced.”

Kevin Bowers, founding partner at Hong Kong-based bowers.law

He said: “Employees are much more likely to fall prey to phishing attacks when working from home. This boils down to their removal from a professional environment, where procedures and protocols can be more easily implemented, applied and reinforced.” Phishing attacks accounted for 90% of data breaches, according to Cisco’s 2021 Cyber Security Threat Trends report which was published on 1 November 2021. The success rate of these attacks lies in the fact that they target the weakest link in the security chain – the user. Whilst companies have traditionally leaned on their IT teams to employ hardware, software and training solutions to combat this ever-increasing threat, these approaches have been undermined by WFH strategies. Home offices are often characterised by inferior network security, the use of personal hardware rather than the company vetted systems, and an increased number of distractions. Add to this list the fact that employees WFH are less motivated to liaise directly with their colleagues, and the chances of a successful phishing attack soar. 

Automation platform Ivanti reported in July 2021 that from a survey of more than 1,000 enterprise IT professionals, 74% of respondents reported that their organisations had been compromised to a phishing attack within the previous 12 months, with 40% noting that they had experienced an attack in the previous month. Bowers said: “A classic phishing attack targets accounts teams with payment requests or a request to change banking details. Employees who are working from home – where they’re less engaged / more distracted and without any actual pressure or oversight to implement or apply corporate and accounting policies, procedures and protocols – are more likely just to hit the send button in response to these these phishing requests.” 

Reputational risk 

Beyond the security risks created by a geographically dispersed workforce, companies must also weigh-up the potential reputational risks WFH strategies can create. Employees have always been a source of risk in terms of their behaviour on social media platforms – either their own or their company’s – and these platforms have seen a marked increasing in use since the start of the pandemic. 

All social platforms – including LinkedIn, Facebook and Twitter – experienced an 8-38% uptick in their monthly active user bases between 2019 and the start of 2021, according to Statista. 

“There is a heightened risk of employees working remotely posting inappropriate material on personal social media which could create negative and damaging publicity for their employers,” Bowers said. “However, companies’ efforts to track employee activity have also led to poor management decisions, including the infiltration of employee groups and tracking online activity in order to covertly observe their behaviour.” Corporate reputation is an intangible asset that is difficult to manage, but carries considerable benefits such as increased customer and employee loyalty. As such, protecting that branding and reputation should be of paramount importance. Bowers said: “Companies need to adopt a ‘prevention is better than cure’ approach when developing policies for risk management. Once that cat is out of the bag, it’s a nightmare to get back in.” 

Prevention better than cure

With WFH becoming more commonplace, it is more important than ever for companies to double down on policies, procedures and protocols. Employers need to both understand the challenges that remote working creates and aim to mitigate the associated risks. Bowers said: “It’s vitally important that those policies, procedures and protocols are actually implemented and not simply posted on the intranet with little to no follow through. Remote working requires companies to develop greater engagement with their teams.” 

“There are insurance risks connected with employees working remotely. For example, professional indemnity, occupiers’ liability and employee personal injury compensation. Companies also need to consider the increased risk of breaches of confidentiality, personal data rules as well as breaches of regulated activities in regulated financial or professional services sectors.” 

Kevin Bowers, founding partner at Hong Kong-based bowers.law

Bowers argued that a broad spectrum of risk had emerged owing to the shift away from a centralised working environment to home offices. He said: “There are insurance risks connected with employees working remotely. For example, professional indemnity, occupiers’ liability and employee personal injury compensation. Companies also need to consider the increased risk of breaches of confidentiality, personal data rules as well as breaches of regulated activities in regulated financial or professional services sectors.” 

As the world transitions towards a post-pandemic era, where COVID becomes endemic, the push for flexibly working overseas is only likely to increase. Bowers said: “Remotely working overseas creates its own set of risks. For example, which law will be applied to 

the employment relationship? Is it the jurisdiction of the country in which the employer company is based, or the jurisdiction of the country where the employee is working remotely? These are questions that need answers now.” 

When all else fails… 

Ultimately, human error can and will inevitably lead to lapses in judgement and breaches of protocol. The rising tide of successful phishing attacks is testament to this fact. Whilst developing a comprehensive prevention strategy should be a company’s leading priority, management also needs to embrace the development of an organised crisis management plan (CMP). Bowers said: “Companies must be ready with an organised CMP with personnel from each key department allocated appropriate roles.” This means, he said, having members of the legal, PR, communications, accounts and IT departments (in addition to the c-suite) on permanent stand-by in order to be able to mount an effective rapid response to any crisis, as maintaining control over a rapidly evolving crisis situation is key to overcoming the problem. 

The pandemic has changed almost everything and will likely continue to shape how the business community operates for several years to come. Developing the necessary strategies to counter existing and emerging threats before they happen is essential to remaining competitive. Bowers advises: “Dust-off and update those risk and crisis management playbooks today”!

This article was written by Andrew Kemp for Conventus Law in association with Bowers.Law.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position or policy of Bowers.Law or its other employees and affiliates.

For further information, please contact:

Kevin Bowers, Partner, Bowers.Law

kevin.bowers@bowers.law

Tags: Bowers.Law, Risks

Primary Sidebar

PRESS RELEASES

  • Vietnam – Indochine Counsel Partners Met With Head Of Research Kelsey Li From Asia Law. 20 June 2025
  • SSEK Mentors University Of Indonesia Law Students On Agreements And Arbitration. 20 June 2025
  • SSEK Partner Speaks At IIPLA 2025 China Conference. 20 June 2025
  • US – TTAM Research Institute Agrees To Acquire 23andMe Business. 20 June 2025
  • Linklaters Advises On VTG’s €613m Refinancing. 19 June 2025

NEWS FEED

    June 20, 2025

    US – Deadline Fast Approaching For Data Security Program Compliance.

    - Brian J. Egan - Skadden,
    June 20, 2025

    Hong Kong’s Stablecoin Framework: Boring? Not Even Close.

    - David Cameron - DCLO,
    June 20, 2025

    Malaysia – Legal Updates June 2025.

    - Anand Raj - Shearn Delamore & Co,
    June 20, 2025

    India – Pouring Over The Law: Navigating Alcohol Advertising & Packaging Regulations In India – Part 1.

    June 20, 2025

    India – FIG Paper (No. 46 – Series 3): Contracting Considerations For Financial Institutions.

    - Anu Tiwari - Cyril Amarchand Mangaldas,
    June 19, 2025

    Vietnam – 3D Trademark Protection – Strategies To Improve The Registrability Of 3D Marks.

    June 19, 2025

    Strategies Required For Overcoming Trade Mark Registration Challenges.

    June 19, 2025

    Navigating The Deepfake Dilemma: Legal Challenges And Global Responses.

    June 19, 2025

    Vietnam Pilots Decentralization In Industry And Trade Sector.

    - Hoang Nguyen Ha Quyen - LNT & Partners,
    June 19, 2025

    Creating U.S. Tax Synergies Between Qualified Foreign Pension Funds And REITs.

Footer

Conventus Law
  • Facebook
  • Twitter
  • Linkedin

CONVENTUS LAW

  • About Us
  • Explore
  • Video
  • Events
  • Contact Us
  • Jurisdiction Channel
  • Practice Area Channel
  • Industry Channel
  • Law Firms
  • Business Of Law
  • Special Reports

OTHERS

CONVENTUS DOCS
CONVENTUS PEOPLE

3/f, 13/F, Two Harbourfront, 22 Tak Fung Street, Hunghom, Kowloon, Hong Kong

social@conventuslaw.com

Terms of use | Privacy statement © 2025 Conventus Law. All Rights Reserved.