Do I Need BYOD and Remote Work Policies?

COVID-19 created a “new norm” for companies attempting to keep their businesses running during state mandated closures and social distancing limitations.  Initially using remote work as a temporary solution as they rearranged offices and developed new safety standards, some industries and employees have found that remote work was actually beneficial, and plan to continue remote work in some form for the foreseeable future.

The sudden and unplanned change, however, came with challenges and pitfalls.

While remote work is not “new,” it was not business as usual for many companies as managers grappled with questions about how to handle attendance, information security, productivity, and other concerns with employees working from different locations.

Whether part of a Disaster Recovery plan or a go-forward guide for employees working remotely on a regular basis, without policies and procedures in place, things can go wrong, fast.

  • Stan called his manager to share that unfortunately, some company data was lost on the family laptop when his son unknowingly installed a virus-infected desktop application.
  • A client wrote in to complain that his representative John (your employee) canceled and rescheduled a call three times, and when the call finally occurred, it was impossible to hear due to construction going on in the background.
  • Linda had not answered emails or returned phone calls in two days. When her colleague finally reached her, she stated that she had a family emergency out of town, and the home she was staying at was having Wi-Fi problems. Because she didn’t have anything pressing to do, she did not think it was a problem. 

What, exactly, should be part of a Remote Work Policy?  Is it really that different from an employee handbook?

A Remote Work Policy or Agreement should reflect content in your existing policies with adjustments to fit remote-work situations. The workplace itself will be different, and remote policies or operational procedures should reflect this.

General policies should address:

  • Do you expect individual working schedules to be flexible or rigid from a home office?
  • How (and when) do they request time off?
  • What are the core hours of availability for employees working from home?
  • What is the required turnaround time for responding to emails/voicemails?
  • How (and when) do they report Worker’s Comp. claims when remote working?
  • Are they prohibited from storing data outside of a network server or other company managed file storage program like Dropbox or SharePoint?

Standard Operating Procedures could include:

  • How often do they (or you) check in?
  • Are they to use a chat channel, text, email or phone call to drive collaboration with co-workers?
  • Do they need their cameras on during virtual meetings? (And should they use a virtual background?)
  • How will they communicate that work has been completed? How should they submit their work?
  • What basic etiquette should they use to handle interruptions during calls and meetings?

The list goes on…

Without defined parameters and policies, expectations are unclear, and we know from experience that it is next to impossible to hold employees accountable for not meeting guidelines that they were never aware of.

One-size-fits-all may not be the answer, either, and if some roles have different expectations than others, these should be outlined in job descriptions written specifically for the remote version of the position. 

What about IT?  Do we have to provide equipment, or can employees use their own?

Every employer needs to determine what will be provided in terms of equipment so employees can do their jobs.   In the case of standard office equipment, employers have the choice of issuing laptops or desktops and cell phones or asking employees to use their own, known as Bring Your Own Device (BYOD) policies. Asking employees to use their own devices can be tricky if you fail to check state and local regulations. In some states, personal equipment used for business must be reimbursed to employees, as are any supplies that must be purchased to conduct day-to-day work.

There are also security considerations.  The quick transition to remote work sadly became a heyday for cyber criminals. Small companies without traditional IT support were left vulnerable as employees began working on unsecured home networks and lacked proper cyber security training to prepare them for working outside the office.

BYOD policies should address not only who is responsible for hardware loss or use, but also security expectations for employees who connect their personal devices to company software.  Employees should sign off on “BYOD” agreements that outline specifics such as basic password security, use of 2-FA, activating a VPN at home or in public, where to store data, what cyber training they need to complete, protection of Personally Identifiable Information (PII) by using only secured means of communication, and/or not sending sensitive or confidential information in unsecured emails, etc.

So, back to the question: “Do you need BYOD and Remote Work Policies?” Yes. Yes, you do.

Click the link to view the recent blog: Labor Law Updates – September 2020 or check back for more on human resources, payroll, insurance, and benefits.