• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Conventus Law

Conventus Law

Conventus Law

  • About Us
  • Channels
    • Jurisdiction Channel
    • Practice Area Channel
    • Industry Channel
    • Business Of Law
    • Law Firms
    • Special Reports
  • Video
  • Events
  • Explore
  • Search
  • Membership
  • Conventus Doc
x
Search

More results...

Generic filters
Home » Special Report » Assessing And Addressing WFH Risks.

Assessing And Addressing WFH Risks.

March 29, 2022

March 29, 2022 by

Companies must develop risk assessment and containment strategies that reflect the new working-from-home (WFH) dynamic. Companies which have adopted WFH strategies to preserve efficiency and productivity in the face of the coronavirus (COVID-19) pandemic now need to carefully review their risks profiles. 

WFH has become commonplace across the business world, with companies moving quickly to adapt to social quarantine measures and stay-at-home orders. Global Workplace Analytics has forecast that around 30% of the global workforce is expected to work remotely by the end of this year, . 

One of the most profound discoveries has been that rather than lost productivity, employee output has either remained the same or, in many cases, increased – although the productivity rate does vary between different industry sectors. But with concerns around sustaining productivity outside of the office largely somewhat allayed, now is the time for managers to begin focusing on the various risks and challenges posed by remote / flexible working. 

Employees working from home – where distractions and temptations are more numerous, the threat of cyber attacks is higher and the sense of professionalism and adherence to corporate policies, procedures and protocols is lower – all invariably present a greater risk to their employer companies. 

Kevin Bowers, founding partner at Hong Kong-based bowers.law, told Conventus Law that companies needed to start weighing-up the broad spectrum of risks posed by a remote workforce. 

Phishing trip 

“Employees are much more likely to fall prey to phishing attacks when working from home. This boils down to their removal from a professional environment, where procedures and protocols can be more easily implemented, applied and reinforced.”

Kevin Bowers, founding partner at Hong Kong-based bowers.law

He said: “Employees are much more likely to fall prey to phishing attacks when working from home. This boils down to their removal from a professional environment, where procedures and protocols can be more easily implemented, applied and reinforced.” Phishing attacks accounted for 90% of data breaches, according to Cisco’s 2021 Cyber Security Threat Trends report which was published on 1 November 2021. The success rate of these attacks lies in the fact that they target the weakest link in the security chain – the user. Whilst companies have traditionally leaned on their IT teams to employ hardware, software and training solutions to combat this ever-increasing threat, these approaches have been undermined by WFH strategies. Home offices are often characterised by inferior network security, the use of personal hardware rather than the company vetted systems, and an increased number of distractions. Add to this list the fact that employees WFH are less motivated to liaise directly with their colleagues, and the chances of a successful phishing attack soar. 

Automation platform Ivanti reported in July 2021 that from a survey of more than 1,000 enterprise IT professionals, 74% of respondents reported that their organisations had been compromised to a phishing attack within the previous 12 months, with 40% noting that they had experienced an attack in the previous month. Bowers said: “A classic phishing attack targets accounts teams with payment requests or a request to change banking details. Employees who are working from home – where they’re less engaged / more distracted and without any actual pressure or oversight to implement or apply corporate and accounting policies, procedures and protocols – are more likely just to hit the send button in response to these these phishing requests.” 

Reputational risk 

Beyond the security risks created by a geographically dispersed workforce, companies must also weigh-up the potential reputational risks WFH strategies can create. Employees have always been a source of risk in terms of their behaviour on social media platforms – either their own or their company’s – and these platforms have seen a marked increasing in use since the start of the pandemic. 

All social platforms – including LinkedIn, Facebook and Twitter – experienced an 8-38% uptick in their monthly active user bases between 2019 and the start of 2021, according to Statista. 

“There is a heightened risk of employees working remotely posting inappropriate material on personal social media which could create negative and damaging publicity for their employers,” Bowers said. “However, companies’ efforts to track employee activity have also led to poor management decisions, including the infiltration of employee groups and tracking online activity in order to covertly observe their behaviour.” Corporate reputation is an intangible asset that is difficult to manage, but carries considerable benefits such as increased customer and employee loyalty. As such, protecting that branding and reputation should be of paramount importance. Bowers said: “Companies need to adopt a ‘prevention is better than cure’ approach when developing policies for risk management. Once that cat is out of the bag, it’s a nightmare to get back in.” 

Prevention better than cure

With WFH becoming more commonplace, it is more important than ever for companies to double down on policies, procedures and protocols. Employers need to both understand the challenges that remote working creates and aim to mitigate the associated risks. Bowers said: “It’s vitally important that those policies, procedures and protocols are actually implemented and not simply posted on the intranet with little to no follow through. Remote working requires companies to develop greater engagement with their teams.” 

“There are insurance risks connected with employees working remotely. For example, professional indemnity, occupiers’ liability and employee personal injury compensation. Companies also need to consider the increased risk of breaches of confidentiality, personal data rules as well as breaches of regulated activities in regulated financial or professional services sectors.” 

Kevin Bowers, founding partner at Hong Kong-based bowers.law

Bowers argued that a broad spectrum of risk had emerged owing to the shift away from a centralised working environment to home offices. He said: “There are insurance risks connected with employees working remotely. For example, professional indemnity, occupiers’ liability and employee personal injury compensation. Companies also need to consider the increased risk of breaches of confidentiality, personal data rules as well as breaches of regulated activities in regulated financial or professional services sectors.” 

As the world transitions towards a post-pandemic era, where COVID becomes endemic, the push for flexibly working overseas is only likely to increase. Bowers said: “Remotely working overseas creates its own set of risks. For example, which law will be applied to 

the employment relationship? Is it the jurisdiction of the country in which the employer company is based, or the jurisdiction of the country where the employee is working remotely? These are questions that need answers now.” 

When all else fails… 

Ultimately, human error can and will inevitably lead to lapses in judgement and breaches of protocol. The rising tide of successful phishing attacks is testament to this fact. Whilst developing a comprehensive prevention strategy should be a company’s leading priority, management also needs to embrace the development of an organised crisis management plan (CMP). Bowers said: “Companies must be ready with an organised CMP with personnel from each key department allocated appropriate roles.” This means, he said, having members of the legal, PR, communications, accounts and IT departments (in addition to the c-suite) on permanent stand-by in order to be able to mount an effective rapid response to any crisis, as maintaining control over a rapidly evolving crisis situation is key to overcoming the problem. 

The pandemic has changed almost everything and will likely continue to shape how the business community operates for several years to come. Developing the necessary strategies to counter existing and emerging threats before they happen is essential to remaining competitive. Bowers advises: “Dust-off and update those risk and crisis management playbooks today”!

This article was written by Andrew Kemp for Conventus Law in association with Bowers.Law.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position or policy of Bowers.Law or its other employees and affiliates.

For further information, please contact:

Kevin Bowers, Partner, Bowers.Law

kevin.bowers@bowers.law

Tags: Bowers.Law, Risks

Primary Sidebar

PRESS RELEASES

  • US – Crowell & Moring Adds Antitrust And Competition Senior Counsel Ryan Marth In Minneapolis. 1 July 2026
  • Crowell & Moring Earns Recognition Across Europe In 2026 IP Stars Guide. 1 July 2026
  • DivinaLaw At The Oil & Gas, Offshore Wind Expos. 30 June 2026
  • Linklaters Advises HSBC On POSCO International’s Krw 140bn Digital Bond Issuance. 30 June 2026
  • Linklaters Advises On Baige Online Digital Technology’s HKEX IPO. 30 June 2026

NEWS FEED

    July 1, 2026

    India – Marijuana Detection Breathalyser’ Patent Resurrected: Delhi High Court Sets Aside Refusal Order.

    - DPS Parmar - Lex Orbis,
    July 1, 2026

    India – Delhi High Court Sets Aside Patent Refusal For Lack Of Scientific Reasoning And Impermissible Hindsight Analysis.

    - DPS Parmar - Lex Orbis,
    July 1, 2026

    India – Calcutta High Court Clarifies IPRS’s Right To Claim Royalties For Underlying Musical And Literary Works In Sound Recordings.

    - Manisha Singh - Lex Orbis,
    July 1, 2026

    India – Bombay High Court Holds Rule 45 Deadline Under Trade Marks Rules To Be Directory, Not Mandatory.

    - Manisha Singh - Lex Orbis,
    July 1, 2026

    Making Wellbeing A Priority As An In-House Lawyer.

    July 1, 2026

    India – The Legal Architecture Of A Successful IPO: Lawyers, Merchant Bankers, Auditors And Promoters Working Together.

    July 1, 2026

    India – The DRHP Is Not A Marketing Document: Managing Disclosure Liability In Indian IPOs.

    July 1, 2026

    Qatar Labor Law: Key Amendments Introduced By Law No. 9 Of 2026.

    July 1, 2026

    US – When Trade Secret Theft Becomes Racketeering: What The Fifth Circuit’s New Ruling Means.

    July 1, 2026

    How To Protect Yourself When A Client Doesn’t Pay: Legal Options For Singapore SMEs.

Footer

Conventus Law
  • Linkedin
  • Twitter
  • Facebook

CONVENTUS LAW

  • About Us
  • Explore
  • Video
  • Events
  • Contact Us
  • Jurisdiction Channel
  • Practice Area Channel
  • Industry Channel
  • Law Firms
  • Business Of Law
  • Special Reports

OTHERS

CONVENTUS DOCS
CONVENTUS PEOPLE

Room 1601, 16th Floor,               Wing On Centre, 111 Connaught Road Central, Hong Kong

social@conventuslaw.com

Terms of use | Privacy statement © 2026 Conventus Law. All Rights Reserved.