Brave New Workplace
Welcome to the Brave New Workplace
on February 1, 2019
Updated on August 4, 2022
James Giszczak and his colleagues in data privacy and cybersecurity have a name for a frequent type of breach they handle on behalf of businesses: “coffeehouse cases.”
“It’s something we’ve run into with remote-employee situations,” says Giszczak, co-chair of the data privacy and cybersecurity group at McDonald Hopkins in Detroit. “The employee decides to do some work at the coffeehouse. You know: You place your order, you sit down, flip open the laptop, log in. It might be an encrypted computer, but you put in the security code—bypass all of the security. Then your order is ready, so you step up to the counter to get your cup of coffee, then come back to the table, and the laptop is gone.”
Now the bad guy has access to everything the employee had access to, including potentially sensitive information that could bring the company to its knees. “We’ve had dozens of these coffeehouse cases,” says Giszczak. Overall, his firm has handled approximately 2,600 data breaches for its clients—not all of them related to employees working away from the physical office, but enough of them for Giszczak and the firm to stay busy on their clients’ behalf.
Data security is just one of many potential problems, both big and small, in managing a remote workforce. The deskless employee, the remote worker, the telecommuter—all are here to stay. According to a study by the International Data Corporation, remote employees will account for about 72 percent of the American workforce by 2020. Its proliferation is partly due to the availability of affordable smartphones and tablets, the increasing use of corporate bring-your-own-device (BYOD) programs, and innovations in mobile technology.
Advantages of Remote Work
“In certain jobs and business models, employees may not need to have constant contact with the office or other employees,” says Raanon Gal, a partner at the Atlanta firm Taylor English. “Technology has made it easier for employees to work remotely.”
Employers face potential disadvantages of remote work as well as advantages when managing workers from afar, but careful preparation—having the right policies and practices in place—and a little enlightened self-interest can go a long way.
“Some employers have found that offering the telecommuting option is like offering an employee a benefit without additional overhead expense,” says Paul Wilhelm, who litigates employment disputes at Clark Hill in Detroit. “We have found that many newer workers in the workforce value flexibility as much as pay. Offering something like telecommuting is right in line with that trend.”
Wilhelm’s colleague at Clark Hill, Connie Cessante, who advises management on employment issues and litigates employment-related claims, adds, “It’s a practical advantage when you permit employees to work remotely. You’re giving them a better opportunity to achieve a work-life balance. In a sense, you’re converting time lost in a commute.”
Better Work-Life Balance and Higher Productivity
The plusses of a remote workforce, Cessante and Wilhelm say, include increased productivity (fewer interruptions), higher employee morale (and improved new-hire attraction) and reduced overhead (less spent on brick-and-mortar space, utilities, parking). Potential pitfalls include lower productivity, reduced ability to monitor performance, lack of face-to-face communication, inaccessibility during normal working hours, liability for at-home workplace injuries, and data security and confidentiality concerns.
“We recommend to employers with a substantial number of telecommuters that they have a telecommuting policy and agreement in place,” says Cessante. She and Wilhelm have a list of dos, don’ts and warnings they issue to clients (see sidebar).
For one thing, she says, “the employer should have engaged in some dialogue with the workers’ compensation insurer to make sure the employees are covered. Even if they are home-based, workers’ comp complaints are in play.”
Hourly remote workers have presented some difficulty for Lily McNulty’s clients at Laner Muchin in Chicago. She urges a proactive approach, particularly in an environment in which the number of compensation class action and collective action filings keeps increasing.
“The risk of wage and hour lawsuits creates substantial potential liability for many companies,” says McNulty, who represents employers in labor matters. “Employers must pay non-exempt employees for all hours worked, including time away from the job site and at home. Employers with telecommuters should establish a mechanism to track hours worked at home and should consider how the company will monitor employees’ work to keep them accountable, which can be more difficult if the employee works remotely.”
But, she adds, these concerns don’t have to be a downside; they don’t have to prevent employers from offering the telecommuting option. “Having policies in place regarding time-keeping is something all employers should do, especially with a remote workforce,” McNulty says. “And they should revisit those policies periodically.”
Full-Time, Part-Time and Contractors Distinction
In a gig-economy, it also pays to be clear on the difference between independent contractors and actual employees, because the rules differ for each. Recent proposed class action lawsuits have been filed on behalf of workers alleging they’ve been misclassified. IRS and Department of Labor issues can arise as well.
“It’s important that your remote workers are classified properly,” says Julian Fortuna, who advises businesses on tax matters at Taylor English. “Misclassification can be really expensive.”
Digital Security Concerns
So can a data breach, which presents a potentially massive legal and financial nightmare for any employer. According to a study by Ponemon Institute and IBM, the average cost of a data breach globally is $3.6 million—and more than double that, $7.3 million, in the United States. That doesn’t include the lousy PR and potential loss of customers.
“The capacity for harm is huge; it can shut a company down,” says Giszczak, who tries to gird his clients via a threestage strategy: inception, term and conclusion of employment.
The philosophy is: Do everything you can to avoid a data breach and, if it can’t be avoided, be prepared to deal with it. With so many cybervillains at the gate, security issues may be inevitable.
“At the outset,” he says, “the company should have a telecommuting policy; they should have a computer usage policy; they should have a BYOD policy; and they should have confidentiality agreements that state specifically what information is protected and what the employee should or should not be doing with that information. Companies need to make sure that they’ve got the appropriate legal agreements and that the employees are signing them.”
During employment, Giszczak says, “we want to make sure remote employees are being reminded about how important it is to protect information. We encourage clients to have little reminders, whether it’s an email, a phishing test, because what you find is, for most employees, their job isn’t about privacy and security. But we encourage employers to make privacy and security a top-of-mind issue with all employees, especially telecommuters.
“Quite frankly,” Giszczak adds, “the vast majority of data breaches are caused by a company’s own employees. And people sometimes have a tendency to be a bit more lax about these things if they’re not in an office environment.”
He says it’s a good idea to provide remote workers with the appropriate devices, or protection for their devices, and train them in developing best practices. What good is an encrypted laptop if there’s a Post-it with the password on it?
“We all laugh, but trust me, we’ve had our fair share of talks with people that have had computers stolen from the back seat of their car and, sure enough, the password was taped to it,” Giszczak says. “Sometimes, it’s a good idea for companies to set up a remote worker’s devices so that they can be remotely wiped clean.”
The last stage in Giszczak’s strategy is just as important as the first two. “Access to the company should be terminated,” Giszczak says. “Remember, at the outset there should have been a signed agreement stating that any corporate material should be returned or deleted, so former employees aren’t accessing sensitive data.”
“Data security is and will continue to be a challenge,” Cessante says. “It could be difficult to ensure that adequate protection is in place, especially with remote workers. But monitoring an employee’s computer activity, and establishing appropriate security protections, are best practices.”
Remote Work and Reasonable Accommodation
While more companies are allowing telecommuting and some jobs better lend themselves to it, it doesn’t work for every employer.
“If an employee’s disability prevents the employee from working on-site and the employee asks to work from home as a form of an accommodation, the company is required to engage in an interactive process to evaluate if it can provide the employee with such an accommodation,” McNulty says. “The employer may deny the work-from-home request if alternative accommodations are available or if working from home would create an undue burden on the company.”
According to a study by McNulty and her Laner Muchin colleague, Joe Yastrow, courts have traditionally not found telecommunicating to be a reasonable accommodation. But as working from home becomes increasingly common, the judicial trend is moving toward it, too.
Some employers are choosing to limit or move away from telecommuting, “because of perceived operational disadvantages,” says Wilhelm. “There are studies showing that lack of face-to-face interaction results in lower outcomes and productivity—the thought being that, if the situation impairs the quickness by which we communicate with one another, it impacts productivity.”
Human Resource Policies for Remote Work Environments
So far, that hasn’t been a problem for a business like FisherBroyles, a law firm of 220 lawyers without a physical location. The firm has grown like kudzu since being formed in 2002 by managing partners James Fisher and Kevin Broyles. “We’re a 16-year overnight success,” says Fisher, whose firm depends entirely on a remote workforce.
At any given moment, FisherBroyles partner Bates Lovett, a civil litigator based in Savannah, has no idea where his paralegal, accounting staff, marketing team or partners are located. And he’s not sure he cares.
“We get to hire the best people we can find, regardless of location,” says Lovett, who has developed a great working relationship with his paralegal, whom he’s met in person just a handful of times, because she lives in Atlanta. “We email, we talk on the phone, we text. The only thing we don’t do is sit in front of each other and talk. It’s not that big of a deal for me.”