The Government officially dropped its instruction to employees to work from home where possible on July 19. However, at the press conference to announce the end of most of the Covid-19 restrictions, the Prime Minister and the medical experts advised employers to allow a “gradual return”, with Boris Johnson saying:
“We’re removing the Government instruction to work from home where you can, but we don’t expect that the whole country will return to their desk as one from Monday. We’re setting out guidance for business for a gradual return to work over the summer.”
Coupled with the fact that many firms are contemplating allowing staff to remain at home in any case, or are at least planning a ‘hybrid’ approach, where employees would attend the office for part of the working week, this all means that homeworking is here to stay for many of us. Given this is the case, how can the risks be mitigated?
The speakers at the UK Finance webinar on this subject were Claire Rees, Head of Fraud and AML at Computershare Loan Services; Ian Walker, Head of Financial Crime at Skipton Building Society; and Tracey Carpenter, Proposition Manager – Insider Threat at fraud prevention service Cifas.
Ms Carpenter commented on a reduction of one-third between 2019 and 2020 in the number of filings to her organisation’s Internal Fraud Database. She suggested that this was unlikely to be due to a significant reduction in fraud levels, but that it was more likely that firms were failing to identify as much fraud now staff were working at home. She also suggested that an employee returning from furlough might be more likely to commit fraud on their return, in order to make up lost earnings.
She also said there had been an increase of one-third between 2019 and 2020 in the number of reported instances of employees illegally obtaining or disclosing personal or company data and suggested that this was because it was so much harder to supervise the activities of staff when at home. Ms Carpenter added that the true extent of the problem is likely to be worse as many firms will not yet have realised that a data breach has occurred.
Mr Walker said that – in addition to the potential for employees to act without detection – home working could lead to it being easier for fraudsters to target financial services staff.
Ms Rees highlighted that other issues related to the pandemic could lead employees to be more willing to commit fraud, which include the fear of redundancy; and various family issues, such as partners losing their jobs or suffering a reduction in income.
She also mentioned the potential for home working to lead to those who live with financial services staff gaining access to confidential information: computers might be left unlocked, conversations might be overheard or email communications might be printed out and left lying around.
Mr Walker said firms’ response to the increased risk should comprise two elements: education (ensuring staff understand the risks and how to mitigate them) and monitoring (ensuring firms can detect inappropriate activity when it occurs in an employee’s home).
46.3% of attendees at the session admitted they had not delivered any specific training to employees regarding the risks of home working.
Mr Walker outlined the essential topics to be covered in educational training:
- Tactics used by fraudsters, e.g. phishing
- Basic data protection principles and the need to keep data secure
- Guidance on setting strong passwords
He also mentioned that there is a potential risk on the first day that staff return to the office, namely how do firms ensure that only authorised personnel enter the building when some staff may have joined during the pandemic and have never entered the office previously? Do the security staff know who is meant to be there and who isn’t?
Ms Rees urged home workers to consider these additional issues:
- How do they dispose of documents?
- How secure is the wi-fi?
Mr Walker said that most firms will not need an entirely new monitoring system to deal with home working, and that a few tweaks to existing procedures will often suffice.
Ms Rees said it was vital that firms ensured any equipment in the possession of someone who leaves employment was still returned to the firm; and that it was also important new staff were vetted to the same standard as before.
Another issue she highlighted is that staff might have been less inclined to book annual leave during the periods of full lockdown. Are firms prepared for a resulting increase in the number of holiday requests now society has re-opened?