The modern workplace – virtual offices moving in real-time.
Tools to mitigate the risks by remote working for business continuity
One of the key components for making this work is getting the real-time locations of all employees working remotely. The good thing is that real-time employee location is a commonly available and frequently used tool within the areas of travel risk management and crisis management communication.
What the company needs is an employee location platform for all employees that work remotely. Such platforms and functionality are available off the shelf with automated processes to get all or most employees onboard. Once the employee location information has been obtained, the location data must be integrated with the other platforms that require this information.
Combined methods for collecting positioning data
There are many methods of retrieving employee location, and there are many different suppliers in the market. The trick is to use a platform that combines multiple location techniques. For example, travel risk management traditionally uses flight tickets and hotel bookings, but this only works for remote workers on business trips. A more modern approach is to use work devices such as mobile phones, tablets or laptops.
Another, complementary solution is an office access control system, which can be used to verify whether an employee has entered the office. Ultimately, the aim is to combine location information from all available sources to obtain the employee’s most likely position.
Privacy and employee surveillance – conflicting demands
Of course, when adopting such a system, this gives rise to the issue of privacy and employee surveillance. Companies have a responsibility to their employees’ safety; at the same time, they must also respect their privacy.
The acceptance of employee location platforms varies significantly between different cultures and countries.
In some European countries, for example, the privacy issue is a frequent bone of contention, requiring local union approval before implementation. That said, there is no legislation to prevent companies from monitoring the location of their employees while they are working — only regulations regarding how they do so, and how this information may be used.
The best tools for privacy
Managing the privacy concerns of employees and unions requires creative solutions. In this regard, experience suggests that the best tools are obfuscation filters and limits on both the collection and retrieval of location information.
Techniques for ensuring employee privacy:
- Hide the exact position of the employee and show only their location area, such as city, state or country.
- Retrieve the employee’s location only when they are actively working
- Show current location only — not historical movements (many platforms support ‘breadcrumb trails’ that can document minute-by-minute movements; this is not just privacy-invasive but also seldom useful given that city, state or country-level information is sufficient for most companies’ needs).
- Limit access to location information.
- Allow employees to set their own privacy filter or level of privacy (experience suggests that if employees know that they can at any time shut off location reporting or obfuscate their location, then they are more likely to allow the system to report their exact location on an ongoing basis; the primary concern for employees would appear not to be privacy per se but rather the loss of agency associated with it.)
Mitigating the risks with employee location information
Once the employee location information has been obtained, the next step is to mitigate the risks.
One recommendation is to set up a 24/7 assistance call center service that can be used for any type of work-related emergency. Historically, such call centers have mainly been used within travel risk management, with the most common case being companies purchasing travel insurance that includes 24/7 medical assistance in the event that an employee needs medical care during a business trip.
Similar processes and structures for medical emergencies can be used for all types of emergencies for all employees who work remotely, as well as situations other than medical emergencies, such as physical security emergencies or suspected cyber-attacks.
Medical and security assistance by the press of a button
When set up properly, the employee can press a button at any time of the day, in any location in the world, and connect directly to an assistance call center with established processes to manage different types of situations. It is also recommended to make provision for an override mode so that calls to the call center automatically disable the privacy settings in the employee’s phone in order to send accurate and up-to-date location information to the call center operator.
Having such guaranteed location information makes it possible for the call center operator to assist the employee much more efficiently. Most obviously, it obviates the need for the employee to provide precise information about their location — something that can be difficult when in unfamiliar territory.
For example, at any given moment, few people know the exact address of the café they are in or the name of the street they are walking down.
As it is very expensive to set up a 24/7 assistance call center, it often makes financial sense to outsource this service. To this end, there are numerous suppliers of assistance call center services. Most of these focus on medical assistance, but many do also offer other types of assistance, such as security or 24-hour office support.
Emergency Assistance processes
These call centers work with companies to establish customized processes. In what follows, this article provides an example of some of the assistance call center processes implemented by Safeture and delivered by Falck Global Assistance.
Figure 2 describes the processes for initiating the assistance work, either by the employee calling the assistance call center or by an external crisis event that might affect one or more employees.
Figure 3 presents an overview of the process for an assistance event of a medical nature. This process draws on the assistance provider’s detailed internal processes for managing such an event.
Figure 4 describes an overview of the process for a security-related assistance event. This process draws on the assistance provider’s detailed internal processes for managing such an event. In this case, there is also a specialized security company that the call center can bring in.
All the detailed processes for medical and security events can, of course, be complemented, modified or replaced by company-specific detailed processes.
Safeture, for example, used many of the standard detailed processes developed and used by its assistance provider.
One number for any kind of incident – predefined protocols
If set up properly, the company can provide its employees with a single phone number that they can call in the event of any kind of incident that could impact business, such as a suspected cyber security breach, natural disaster, medical emergency, IT outage or physical threat.
It is also possible to set up predefined protocols that can be activated automatically. For example, if a disaster occurs, the call center can automatically start the process of checking on the well-being of employees in the area, per the process described in Figure 5.
Knowledge and e-learning to mitigate risks in remote working
Another method to mitigate risks for remote workers is through education via e-learning tools. As employees are very much on their own when working remotely, it is prudent to increase their knowledge regarding how best to mitigate the risks to which they are exposed — or to which they are exposing the company.
Cyber security risks growing – remote workers a soft target
For example, cyber security risks are growing, and remote workers represent an especially soft target for hackers. According to a survey of 1,100 IT decision makers by HP Wolf Security, 54 per cent of IT decision makers saw an increase in phishing over the last year; 56 per cent saw an increase in web browser-related infections; and 44 per cent saw compromised devices being used to infect the wider business.
Meanwhile, 70 per cent of the office workers surveyed admitted to using their work devices for personal tasks, while 69 per cent reported using personal laptops or printers for work activities. Almost one-third (30 per cent) of remote workers surveyed reported letting someone else use their work device. It is because of behaviors such as these that hackers are increasingly targeting remote workers. Educating remote workers on cyber security and how to use the different tools safely helps to mitigate some of the risks related to cyber security.
E-learning benchmarks employees’ security knowledge
E-learning tools that include tests and result reporting make it possible to remotely educate large groups of remote workers on cyber security and follow up on any that have not taken the courses or who have failed the tests. These tests can serve as a screening stage so that workers are not allowed to work remotely unless they have passed the pertinent tests in the e-learning tool.
For example, travel approval tools or remote worker approval tools can automatically correlate the e-learning test results before approval is given. Cyber security is just one topic for e-learning, and the same tool can be used for educating on other risks relating to remote working, such as travel risks, home office security risks, medical risks and so forth.
BCM suite solutions likely to grow according to Gartner
The increase in the number of people working remotely also exposes the need to integrate multiple functionalities within the ERM, BCM and CM software tools space. For example, it is now prudent to integrate compliance tools with emergency response tools in order to correlate employee locations with tax compliance requirements.
The need for integrated BCM solutions with multiple functionalities seems likely to grow. Indeed, while only 15 per cent of the BCM software purchases made in 2020 were suite solutions, Gartner predicts that this will increase to 75 percent in 2025.
This article has presented a few tips to help manage the impact of remote working on ERM, BCM and CM. For example, it recommends viewing historical, current and future employee locations as “virtual offices” that move around with the employee. It also recommends that firms adopt an employee location system that can retrieve location information from multiple sources. Such systems need to be able to integrate with different systems, such as mass communication and crisis management systems.
It is also important to be able to correlate employee location data with local country compliance data and risk intelligence. At the same time, however, companies need to respect their employees’ rights to privacy by giving them the option to hide their location, should they so wish. As counter-intuitive as it may sound, this will actually help drive the adoption of the system.
This article has also advocated the benefits of having a 24/7 assistance call center with predefined processes for different types of events that may affect remote workers. These call centers likewise need access to real-time location information about the employees that need to use the services they offer.
Education also plays a vital role in the brave new world of remote working. With the right follow-up, this can be used to prepare employees better for the risks of working at home.
In short, companies need to update their policies to adopt the processes and tools necessary to address their increased exposure to the risks associated with remote working.
Gartner®, ‘Remote Work Rates Before, During and After the COVID-19 Pandemic’, Human Resources Team , Refreshed 11 May 2021, Published 4 June 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Accessed 2 December 2021, available at: https://www.gartner.com/document/3985972.
Randstad (2020) ‘nio av tio vill fortsätta arbeta hemifrån i framtiden’, available at: https://www.randstad.se/om-oss/press/nio-av-tio-vill-fortsatta-arbeta-hemifran-i-framtiden/ (accessed 2nd December, 2021)
PricewaterhouseCoopers (2020) ‘The future of remote work’, available at: https://explore.pwc.com/remotework (accessed 2nd December, 2021).
Woodman, P. (2008) ‘Business Continuity Management 2008’, available at: https://continuitycentral.com/BCMReport2008.pdf (accessed 2nd December, 2021).
Goldsmith, M. (2021) ‘How remote workers can create business risk’, available at: https://www.ey.com/en_us/tax/how-remote-workers-can-create-business-risk (accessed 2nd December, 2021).
HP Wolf Security (2021) ‘Blurred lines and blindspots’, available at: https://threatresearch.ext.hp.com/wp-content/uploads/sites/11/2021/05/BPS_Wolf-Security-Blurred-Lines-Report.pdf (accessed 2nd December, 2021).
Gartner®, ‘Market guide for business continuity management program solutions’, Gregory, D. and Witty, R. (2021). GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Accessed 2 December 2021, available at: https://www.gartner.com/document/3994760?ref=lib