The return from lockdown: seven risk and compliance considerations for distributed workforces
- Published: Tuesday, 26 May 2020 08:34
NAVEX Global has provided a checklist of seven key considerations for business leaders and decision makers preparing their organizations for a return to work after COVID-19 lockdowns.
The COVID-19 pandemic has brought organizations to a virtual standstill, prompting immediate updates to business plans and the mass-adoption of unfamiliar working practices. Now, many are turning their attention towards what will come next. Maintaining data security standards, remaining vigilant of increased or emerging risks, and ensuring easy adaptation for workers during this transition will be vitally important. Here are some key risk and compliance considerations for businesses who are now plotting their next move:
Prepare for a phased return to the workplace
With most of the world having been in lockdown, remote working rules have already been rolled out across organizations. But any return to the workplace is unlikely to mean a return to normality. You may need to create a working rota to avoid physical contact, draft and distribute new policies and procedures to your workforce, and make sure your employees attest to the new standards and procedures.
Deploy secure channels for network access
According to a report released in January 2020 by the Identity Theft Resource Center, four out of five data breaches in 2019 were caused by hacking or unauthorised access. A continuation of remote working for parts of your workforce will require your employees to access sensitive data, meaning a secure network access channel is vital. An encrypted network and cloud-based data storage are therefore ‘must-haves’ for your business.
Revisit your business continuity plan
To be truly resilient, a business continuity plan must account for the organization’s present, not its past. As the pandemic environment has demonstrated, relying on an obsolete business continuity plan can be more dangerous than having no plan at all, as it can provide a false sense of security. The unprecedented nature of a global pandemic may mean your current continuity plan requires immediate attention – especially should a second or third wave of infection strike. Begin working on a new one to adapt to the current, and possible future situation.
Monitor and adapt plans
Crucially, all risk must be continuously monitored, with plans updated to reflect any and all changes. Business processes are necessarily fluid, as are the broader circumstances surrounding them. Vendors, suppliers, staff and resources change over time, impacting business operations and logistics. Similarly, world events such as a pandemic and geopolitical changes can alter an organization’s processes. Ensure you have implemented a robust risk management solution that provides ongoing visibility of such risks, and look for opportunities to automate wherever possible to maximise efficiency.
Communication, communication, communication
Keeping employees up to date on emerging threats and changing circumstances - and the company’s response to them - is of the utmost importance. Throughout the early days of the pandemic, some organizations struggled to ramp up communications to their workforce – particularly within businesses where workers did not have access to digital communication tools. Colleagues need reassurance from their employers, so try to establish effective, accessible tools for communicating to your entire workforce, and try to establish a regular, predictable cadence of updates.
Consider third party due diligence risks
Even in this extraordinary situation companies are still legally liable for their own compliance failures and, in many situations, within their supply chains. Market changes generate opportunities for fraud or bribery and corruption weak spots to enter the supply chain and, with organizations working quickly to bring on new vendors, it’s vital that vigilance remains high. With many colleagues still working remotely for the foreseeable future, implementing a central monitoring hub to undertake the necessary due diligence activity will become even more valuable.
Prepare for long-term disruption
The very nature of a pandemic means that it’s almost impossible to know when it will end, and what the ebbs and flows will be. Your business must remain flexible to changing circumstances, lockdown rules being lifted and enforced in varying severity, and all of this to differing degrees across the world. Your business continuity plan should be a living document, changing and adapting to circumstances when needed – so make sure it is revisited frequently.