Think about access to servers generally, and to all the work-critical systems necessary to function effectively. If you do not know the answer to this, it is important to find out now.
You need to take into account whether people can access relevant systems from their own devices if necessary? Will that option provide them with access to all necessary systems for their role? Certain functions, such as HR and Accounts, and some limited licenses software may require specialist access rights. Identify these requirements early and consider workarounds to ensure continuity of service.
Think about access to servers generally, and to all the work-critical systems necessary to function effectively. If you do not know the answer to this, it is important to find out now.
You need to take into account whether people can access relevant systems from their own devices if necessary? Will that option provide them with access to all necessary systems for their role? Certain functions, such as HR and Accounts, and some limited licenses software may require specialist access rights. Identify these requirements early and consider workarounds to ensure continuity of service.
Working outside of the office environment means fewer controls on how and where people work. It is critical that you have a comprehensive and clear policy on remote working. We recommend that all staff are issued with summary guidelines highlighting the key messages and requirements - as this is much easier to reference than several detailed policies, and therefore more likely to be followed. This should extend to wider issues about ways of working; rules for taking hard copy files and documents out of the office, and for protocols for telephone/other conversations in public, as well as security precautions to be taken to reduce the risk of lost devices (memory sticks, smart-phones, tablets and laptops) are equally important. A link to QBE template checklists is provided at the end of this guidance.
Windows7 is no longer supported, so is insecure, regardless of what antivirus technology is installed. If staff are using their own devices, any security update should be circulated (and acknowledged) requiring work systems to be accessed from Windows10 devices (or equivalent up to date Apple computer). It is also worth enforcing the message, at intervals, that security patches must be installed promptly, or auto-updating employed.
Working outside of the office environment means fewer controls on how and where people work. It is critical that you have a comprehensive and clear policy on remote working. We recommend that all staff are issued with summary guidelines highlighting the key messages and requirements - as this is much easier to reference than several detailed policies, and therefore more likely to be followed. This should extend to wider issues about ways of working; rules for taking hard copy files and documents out of the office, and for protocols for telephone/other conversations in public, as well as security precautions to be taken to reduce the risk of lost devices (memory sticks, smart-phones, tablets and laptops) are equally important. A link to QBE template checklists is provided at the end of this guidance.
Windows7 is no longer supported, so is insecure, regardless of what antivirus technology is installed. If staff are using their own devices, any security update should be circulated (and acknowledged) requiring work systems to be accessed from Windows10 devices (or equivalent up to date Apple computer). It is also worth enforcing the message, at intervals, that security patches must be installed promptly, or auto-updating employed.
Email traffic is likely to increase in extended remote working circumstances and this could be used to mask phishing attempts, spoof emails and other forms of social engineering. Now would be a good time to remind your employees of key policies, what to look out for, and the need to be vigilant.
Practicalities to think about include:
• How will your payment fraud prevention measures operate in a remote-working situation?
• For those subject to client due diligence requirements, how will Know Your Client checks be conducted?
• If the former is reliant on a small core of people, and/or licenses for electronic checks are restricted, can others be trained, and licenses reallocated to allow for staff shortages?
• Who are the alternates if the usual escalation personnel are not available?
Email traffic is likely to increase in extended remote working circumstances and this could be used to mask phishing attempts, spoof emails and other forms of social engineering. Now would be a good time to remind your employees of key policies, what to look out for, and the need to be vigilant.
Practicalities to think about include:
• How will your payment fraud prevention measures operate in a remote-working situation?
• For those subject to client due diligence requirements, how will Know Your Client checks be conducted?
• If the former is reliant on a small core of people, and/or licenses for electronic checks are restricted, can others be trained, and licenses reallocated to allow for staff shortages?
• Who are the alternates if the usual escalation personnel are not available?
In an open plan office, supervision can be continuous to an extent but that is clearly limited in remote working conditions. Frequent, regular and structured catch-ups will need to be agreed for each individual, based on the type of work, level of experience, remote monitoring capability etc. There is no ‘one size fits all’ and arrangements should always be risk-based. Day-to-day authority levels, sign offs and reviews needed should be made very clear.
Operating centralised electronic work and document management systems, allows both remote review and service continuity should a staff member become ill - providing such records are kept up to date. Management reports from these and other systems should enable risk behaviours and factors to be identified remotely, for example:
• lack of progress
• out of scope workload and/or range
• imminent deadlines / critical dates
• high-risk triggers
• high work-in-progress levels and/or approaching limits agreed
• unusual patterns of file downloads
• unusual patterns of payments.
They also can provide another line of defence, by building in alerts and supervisor sign off requirements at key stages or when certain high-risk flags are triggered. In the absence of such controls, it may be worth putting in place reporting templates which frame regular review meetings between remote teams and their managers.
In an open plan office, supervision can be continuous to an extent but that is clearly limited in remote working conditions. Frequent, regular and structured catch-ups will need to be agreed for each individual, based on the type of work, level of experience, remote monitoring capability etc. There is no ‘one size fits all’ and arrangements should always be risk-based. Day-to-day authority levels, sign offs and reviews needed should be made very clear.
Operating centralised electronic work and document management systems, allows both remote review and service continuity should a staff member become ill - providing such records are kept up to date. Management reports from these and other systems should enable risk behaviours and factors to be identified remotely, for example:
• lack of progress
• out of scope workload and/or range
• imminent deadlines / critical dates
• high-risk triggers
• high work-in-progress levels and/or approaching limits agreed
• unusual patterns of file downloads
• unusual patterns of payments.
They also can provide another line of defence, by building in alerts and supervisor sign off requirements at key stages or when certain high-risk flags are triggered. In the absence of such controls, it may be worth putting in place reporting templates which frame regular review meetings between remote teams and their managers.
Isolated working, working under non-routine and sub-optimal arrangements, and attempting to cover for absences will lead to anxiety and stress for some people. Buddy arrangements, regular updates, and a regular check-in regime, both individually and in teams using a team-talk facility like Skype or MS Teams, can help reassure people, make them feel more in touch and allow them to offload concerns. More guidance on caring for your mental health while working from home can be found here.
We see many claims even during normal working times where distractions are a contributory factor - working at home during holidays, working remotely whilst travelling etc. The level of distraction looks set to increase dramatically considering the likelihood of having children and/or sick relatives at home for extended periods and the challenges that could bring to what might normally be a quiet place to focus. Be aware of this heightened risk - double check and check again, or better still operate a tighter review protocol on work considered to be at higher risk
Isolated working, working under non-routine and sub-optimal arrangements, and attempting to cover for absences will lead to anxiety and stress for some people. Buddy arrangements, regular updates, and a regular check-in regime, both individually and in teams using a team-talk facility like Skype or MS Teams, can help reassure people, make them feel more in touch and allow them to offload concerns. More guidance on caring for your mental health while working from home can be found here.
We see many claims even during normal working times where distractions are a contributory factor - working at home during holidays, working remotely whilst travelling etc. The level of distraction looks set to increase dramatically considering the likelihood of having children and/or sick relatives at home for extended periods and the challenges that could bring to what might normally be a quiet place to focus. Be aware of this heightened risk - double check and check again, or better still operate a tighter review protocol on work considered to be at higher risk
Sign-up to be notified about future articles from the Resilience Series, and other thoughts, reports or insights from QBE.