Work from Home Tips for Safety and Productivity


For many businesses, allowing employees to work from home has changed from a privilege or perk to a necessity as measures are being taken to slow the spread of the novel coronavirus that causes COVID-19. As they shift from having full conference rooms to video conference calls, employers can review the following suggestions to help keep their organization, and employees, safe and productive.

General Work from Home Tips for Employers

The Society of Human Resource Management (SHRM) offers several prudent tips for organizations to follow when considering their new, virtual workforce. One of the most important tips is to create a work from home policy, disseminate it to all employees, and make clear that strict adherence is required.

PHLY customers have access to the following resources, which may assist with creating policies and other documents:

  • in2vate
    PHLY Management Liability Insurance customers with Directors and Officers (D&O) or Employment Practices Liability (EPL) coverage are eligible for a free in2vate membership. In addition to sample policies, they provide web-enabled employment practices services, including training and management tools for harassment and discrimination. Register for in2vate here.

  • Nonprofit Risk Management Center
    PHLY Non-Profit Insurance customers are eligible for a free Nonprofit Risk Management Center membership. They offer practical risk management resources, including webinars, unlimited consultation, and sample forms and documents. Register here to gain immediate access.
In addition, Telework.gov provides a safety checklist, among other information and checklists. The state of Virginia has its own website with a free safety checklist, and SHRM has their own at-home work policy.

The physical safety of remote workers should also be considered. The Occupational Safety and Health Administration (OSHA) has communicated guidance that while the employer is not liable for an employees' home office, the employer is still required to keep records of injuries that occur there. Organizations should contact their workers compensation carrier for resources and best practices in ensuring they meet all local, state, and federal guidelines for employee safety.

Teleworking: A Cyber Threat for Employers

The shift to a virtual workforce in response to the COVID-19 crisis has led the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) to issue a cyber-threat alert. Hackers and other nefarious actors are already taking advantage of this unprecedented situation, increasing the need for organizations to remain vigilant and adhere to with cybersecurity best practices.

The CISA alert highlights several concerns, which center around two potential vulnerabilities: remote access via enterprise virtual private networks (VPN) and email-based phishing attacks. A VPN is the connection organizations use to allow remote access to their corporate network. Phishing emails are those that are sent to unsuspecting recipients and appear to be legitimate requests from individuals, businesses, or governmental authorities; however, clicking a link or downloading a file subjects the user's computer - and in turn the connected network - to malware or other viruses.

PHLY's cyber liability experts suggest following these tips to help manage the increased cyber risk of telework:

  • Create new and complex passwords
    Organizations should already be enforcing policies that require users to select complex passwords and update them on a regular basis. Proper password hygiene is equally important in the home environment and there is nothing hackers love more than a WiFi network with an easy, default password. Remote users should therefore ensure that their WiFi network is encrypted (WPA2 at minimum) and protected by a complex password - NOT the default password from the modem provided by the internet service provider.

  • Beware of phishing scams
    Phishing scams with messaging that preys on panic and uncertainty during this public health crisis are on the rise, so emails should be read with extra scrutiny. Employees should be particularly skeptical of embedded links within emails; when in doubt, users should avoid clicking on such links and be instructed to report suspicious emails to their IT departments. Social engineering attempts to defraud companies through fake wire transfer requests also remain prevalent, so organizations should adopt strict call-back verification procedures to ensure that these requests are legitimate. One or two extra steps could save organizations from a debilitating cyber incident or substantial monetary loss.

  • Promptly install updates and antivirus software
    Updates to operating systems, applications, and antivirus software should be installed as soon as they are available. Frequent patching ensures that known exposures and vulnerabilities are being addressed. IT departments can push these updates out to company-owned devices, but should also make sure that employee-owned devices (laptops, PCs, mobile phones) are protected with the latest updates.

  • Utilize VPNs for accessing company networks
    All remote access to the corporate network should be through VPNs, or "Virtual Private Networks," which encrypt the connection and reduce the chance of hackers intercepting data during the send/receive process.

  • Enable multi-factor authentication
    Multi-factor or two-factor authentication should be enabled for all remote access to corporate networks whenever possible, particularly for users with elevated or administrative privileges.


Cyber Security Resources

PHLY can assist with navigating this difficult time by providing resources and assistance with managing the risks of teleworking. Please review the following cyber security resources provided by our partners, as well as other sources:

  • eRisk Hub
    All PHLY Cyber Security Liability policyholders are eligible for complimentary access to PHLY's eRisk Hub. This online portal offers a variety of cyber risk management tools and resources, including an incident roadmap, risk manager tools (including a self-assessment and guidance on state breach notification laws), a learning center for best practices, a news center, and referrals to outside experts and vendors. It also includes a sample telework policy with a heavy concentration on cyber risk mitigation. Insureds can register here using the access code found in their PHLY Cyber Security Liability policy.

  • Other resources
    The National Cyber Security Alliance (NCSA), a builder of public/private partnerships focused on cybersecurity, is offering a comprehensive resource library at StaySafeOnline.org.

This blog was written by Eric Smith, Senior Business Operations Analyst, in partnership with Eric Lewandowski, a PHLY Senior Risk Management Services Consultant completing his Masters of Science in Cybersecurity, and Evan Fenaroli, PHLY's Cyber Product Manager.

IMPORTANT NOTICE - The information and suggestions presented by Philadelphia Indemnity Insurance Company in this E-Brochure is for your consideration in your loss prevention efforts. They are not intended to be complete or definitive in identifying all hazards associated with your business, preventing workplace accidents, or complying with any safety related, or other, laws or regulations. You are encouraged to alter them to fit the specific hazards of your business and to have your legal counsel review all of your plans and company policies.

Share to Facebook Share to Linkedin Share to Twitter More...
Please Wait...

Please Wait