This is the sixth and final Blog Post taken from my HR Insights podcast.
In this post, we're going to look at the issues regarding flexible working and working from home as we adapt to this new norm. My final guest in this series is Mark Riddell, Managing Director of M3 Networks, who will share some top tips regarding I.T. support and cyber security considerations when working from home. We will answer the following questions.
- What is flexible working?
- What does the law say about flexible working?
- What actions should an employer take for staff working from home?
- How can I ensure that working from home is going to work?
Firstly, way back at the beginning of this pandemic crisis, there were a lot of people I know who had tried unsuccessfully to request to work flexibly, usually to help achieve a better balance between their work and home life. I think such refusals were quite often because managers felt staff wouldn't be as productive. And to be honest, I think there has been a lot of mistrust about home working in the past.
I think some managers were skeptical that a working parent could work productively at home and probably wondered how they could work and look after their children. Then Covid-19, happened and everything changed. Almost overnight, people were sent home with a laptop if they were lucky and encouraged to work from home with very little in the way of support. I hope that in future this should lead to a change of heart when it comes to flexible working requests and in particular, anyone working from home.
The way people choose to work in future may mean not having fixed hours, but being super flexible in order to accommodate parents working when children are at school and then logging back in during the evening, perhaps. Employers should therefore prepare for an increase in staff wanting to continue to work from home. They may make a statutory request for flexible working, or it might come out of a pre return to work discussion. This was borne out by a recent survey carried out by Deloitte, of financial services employees in the city of London, which showed an overwhelming number of workers, 70%, found working from home during lockdown to be a positive experience. Fewer distractions and a quieter working environment were key reasons for higher productivity. With most respondents citing the absence of the need to commute as their main reason for the experience being positive. More flexibility, being able to spend time with family and having more time to exercise, were also identified as benefits of the lockdown arrangements.
However, that compared with 10% finding that it was a negative experience. They highlighted fewer face to face contacts and the blurring of lines between work and home life as being the major negative factors. The Telegraph newspaper has reported an employee's right to work from home could be enshrined in law following the end of lockdown. It's understood the suggestion is supported by trade unions and is intended to protect employees from being compelled to return to the workplace.
So what is flexible working and what does the law say about it? Flexible working might include any of the following, reducing hours to work part time, changing start and finish times, having flexibility with start and finish times, sometimes known as flexi time. Working hours over fewer days, compressed hours, working from home or elsewhere and sharing the job with someone else. These changes might be for all working days or specific days or shifts only, specific weeks only, for example, during school term time or for a limited time, for example, a set number of months. The law says that employees with more than 26 weeks continuous service can request to work flexibly as long as they haven't made a previous request in the preceding 12 months. Other staff who don't meet these criteria may still be able to request to work flexibly. For example, if they have a disability. In such a case, the employer should still consider their request. There is a statutory process that has to be followed with a three month time limit, which involves meetings, consideration of the request and an appeal. An employer has a number of business reasons upon which they can refuse a request. When considering requests to work flexibly, employers must be fair and non-discriminatory, particularly when considering requests from carers and those with disability.
It might be useful for you to know that the UK government has updated its access to work guidance to include information on claiming access to work during the Covid 19 outbreak. This clarifies that employees who have a disability or a physical or mental health condition that makes it hard for them to do their job, as you need to work from home, they can still get help with access to work. If working from home impacts on the support needs, then this could impact on the amount of the award. Employees who are no longer working cannot continue to claim this support. I've included a link to this on my website. Once a change to someone's hours has been agreed, the contracts of employment will need to be updated to reflect the permanent changes.
There are a few little tips and observations that I'd like to share with you that I've noticed over time in connection with home working. Firstly, it's helpful to have a homeworking policy which outlines a number of aspects of working from home. The policy should not only cover the permanent arrangements of working from home, but should also extend to staff wanting to work from home on an occasional basis. One of my clients has recently carried out a staff survey and the feedback they got was that a considerable percentage of staff would like to continue working from home on a part time basis, but return to working in the workplace. For people who love the flexibility of being less office based, but miss the interaction with their colleagues. This could offer the best of both worlds, perhaps.
As we're currently finding, homework really isn't for everyone. ACAS, in a very helpful little booklet they have on homework, which was issued back in 2014, confirmed that homeworking does not suit everyone. There are a number of reasons for this, including less support and supervision and a sense of missing contact with other people and feeling isolated, backed up by these recent surveys. Going further, the ACAS Guide says that homeworkers ideally need to be:
- Happy to spend long periods on their own.
- Self disciplined and self-motivated.
- Of a resilient personality who doesn't let setbacks get them down.
- Confident working without supervision, and able to separate work from home life.
There is a high degree of trust that you place in a home worker. So you might not agree to continue homeworking if there have been performance issues. But many businesses have been surprised at how much more productive their staff have been working from home. Challenging the myth of pyjama wearing, box set, watching lazy employees, only checking into emails infrequently.
Health and safety legislation still applies when working from home for some trying to find a space for somewhere to work has been a real challenge during the pandemic. No wonder the early research indicates that many are experiencing musculoskeletal problems. Microsoft UK focused on making sure everyone had the right equipment to be safe working from home. They even couriered chairs and monitors from the office if necessary, and bought desks for staff if they needed them. For higher risk groups like pregnant women, virtual health and safety executive workstation assessments were carried out. Employers should ensure that everyone has carried out a risk assessment of their workstation and working environments. There is some helpful information on the HSE Website - Information on protecting home workers. Your policy should cover what you will contribute to any additional expenses incurred as a result of the person working from home. You could pay an allowance. The current weekly HMRC allowance is six pounds per week or twenty six pounds a month. If you decide you don't want to contribute anything, employees should be made aware that they can claim tax relief for working at home. Individuals can complete a self-assessment to see if they are eligible on the HMRC website.
You should ensure that staff working from home inform their mortgage provider or landlord and that they inform their home insurer in case this affects their insurance. You should also consider the data protection issues of staff working from home. If the homeworker uses or obtains personal information about individuals, they should be fully trained in the GDPR and data protection legislation that's relevant to data security. If they work on hard copies of confidential information at home, you will need to ensure they have somewhere safe to share the files. The ICO has published guidance on working from home. Wherever possible, avoid employees using their own personal devices and instead provide all remote user employees with company devices, ensuring a reliable inventory of who receives what.
Finally, there has been an increase in phishing emails which attempt to lure individuals into opening attachments on emails as a means to enable fraudsters to steal personal information. With the increase in remote working, there is also an increase in email communication in a setting where it's less obvious for recipients to check the authenticity of these communications. My guest today will be helping us to consider some of these ICT issues arising from us all working from home. For the immediate future, with staff being advised to continue working from home, managers should get used to leading teams remotely focusing on outcomes, encouraging virtual socialising and ensuring that individuals don't burn out.
Some questions to pose to your managers might be how they're supporting their staff. Have they asked their staff how they're actually coping? And are they carrying out regular one to one, and team meetings? It might also be a good idea to run a staff survey, if it's your intention to continue to work from home to ensure that everyone has the support equipment and everything that they need. In my last podcast, I was talking about the psychological impact of Covid 19, especially for those who are working from home. As things are beginning to gradually open up, it's a good idea to talk to staff about a possible return to the workplace with specific measures in place to help them to work safely. There may be a need for some of your homeworkers to get back to working from your workplace sooner rather than later, if they are experiencing and exhibiting some mental health challenges.
I think there are some positives that have come from more flexible and remote ways of working. Meetings, I think have become shorter and more focused. Virtual meetings seem to demand higher levels of attention and emotional effort and can feel exhausting, which has perhaps led to a reduction in meeting length. I think this can only be a good thing. For me personally, this pandemic has brought two additional people working from home. It means I've been able to share a coffee or lunch with others, help each other with I.T. glitches, and have been ever so grateful when I needed my son's help with Zoom. In the future, maybe offering a more blended approach to balancing home and work life, using technology, will also reduce travel and increase the sustainability of businesses in an environmentally conscious world. And maybe large, expensive offices will become a thing of the past.
Interview with Mark Riddell, MD of M3 Networks
Caroline
Today, I'm joined by Mark Riddell, Managing Director of M3 Networks. He'll be giving us some top tips on I.T. and working from home securely. Welcome, Mark.
Mark
Hi Caroline. Thanks for having me. Delighted to join in the podcast today.
Caroline
Thank you. Well, I've got some questions here that I think would be really helpful for our listeners. And the first one is really just thinking about now that the initial rush to get everybody working from home has gone. And we're sort of steadily getting on with things. Can you just remind us of the problems that can happen when staff do use their own personal devices to carry out work, specifically using iPads or tablet, phones or their personal laptop or P.C. for work?
Mark
Yeah, of course. So we call this BYOD or bring your own device. I've sometimes jokingly in presentations referred to as bring your own disaster. And one of the issues for businesses is that data can start to spread across lots of devices that you don't have any control over. You don't have any control over the security of these devices when staff are working from home and we know that the staff are much more likely to take risks and often just follow the least path of resistance just to get the job done because they're not working on familiar devices, they're not working in the office where everything was set up as it was, they're just having to get by because a lot of businesses haven't put proper mechanisms in place for a long term working from home, we all just see this as a bit of a short fix.
Caroline
Absolutely, and of course, now we're working from home on a more sort of permanent basis.
Mark
Yeah, absolutely. And businesses need to think about extending their security protocols and offering work devices out to employees now that things might be like this for quite a long time.
Caroline
So would you advise against employees using their own tablets and iPhones and things for work?
Mark
Well, wherever possible, we would always advise giving staff a company device, because this allows you to set up and have it configured by your I.T. provider before you give it to the member of staff so you can ensure that they've got everything they need, making sure that it can be backed up properly. Making sure that you have all the proper security measures in place. And in addition to the physical devices, you should always extend your IT security policies to cover working from home as well.
Caroline
Okay, that's that's helpful. So if somebody has their work email on their own personal phone, is there anything that they should particularly do to safeguard the security of the email or any attachments, for example, on that?
Mark
Yeah, well, there's a few things here. So phishing attacks remain one of the biggest risks. The pivot to Covid 19 themed attacks was huge. You know, the rise and ransomware from February to March increased about 700 percent. So users isolated at home are more likely to fall for a phishing attack because they don't have the ability to just turn to a colleague, like they would in the office and say, hey, can you have a quick look at this email? I think this looks a bit dodgy. I'm not quite sure if that's if that's right or not. You can't ask for that second opinion. Plus, at home, we know there's a lot more distraction. So people have pets run around and kids and deliveries. We've all seen these things on Zoom calls. I've had to stop and go and take Amazon deliveries at the door during a call because there's not been anyone else here. So all these distractions going on kind of help the attackers know that we're not quite on the ball.
So security awareness training is one of the best ways we can reduce that risk, carrying out phishing simulation tests on users, and then providing some online training for people that fail. We always say build that security culture, and that has to come from the top of the organisation and follow through. So, yes, some phishing training and some security awareness training for people working from home can go a long way to protect against phishing attacks.
I'll just go on and say that you did mention email specifically and how to protect that. So we always talk about passwords when we talk about cyber security. You can't get away from passwords and they're a 20th century solution to a 21st century problem is the way I like to pitch passwords. They're well past their sell by date, but they're going to be here to stay for a long time because there isn't an obvious alternative that is easy to implement. So passwords always provide an opportunity for accounts to be compromised. When it comes to company email accounts we always say we know the stats are about 40% of adults will duplicate passwords across sites. At best, most people will have maybe four or five passwords that rotate around different online accounts. But we always say that as a business, you should make sure all your staff at least use a unique password for their company email, at least, because that is the key account. As you know, if you do a password reset and any other online accounts, what happens is it sends a password email to your email account. So your email account is the key one there. So we would recommend turning on things like Two-Factor authentication on all online accounts where possible. There's so many online accounts now that have that feature built in, but it's not turned on by default. So you do have to enter your account settings and turn it on. You can do it on Amazon, for example, do it on eBay, Facebook, all your personal accounts as well. You always enable that. I've got tons setup in my phone and it's funny, I actually went to the office last week and actually left my phone at home and opened up my laptop, realised I couldn't log into anything because I didn't have my phone, which had all the authentication codes, so I had to drive back and get it. That's a slight downside, but yeah, Two-Factor authentication wherever possible.
Caroline
Yeah. Note to self and everybody listening to change all of our passwords on that note. That's really helpful. So are there any other specific cyber threats that we should consider when working from home and what can we do to avoid them?
Mark
Yeah, well, we would recommend that people start to look at their home network because when everyone was working in the office, it was easy for I.T. departments and IT companies because everyone was in one network. So you had this one, building, firewalls, everything was nice and easy. Now everyone has gone working from home and suddenly there's all these home networks now with lots of different types of broadband service, lots of different devices on the networks and businesses and I.T. departments don't know what's on these networks so some of the key things that I would want people to pay attention to are making sure that all the devices on their home network are up to date. So there's no good you just making sure that your your laptop, your company laptop is kept up to date, if your kids have iPhones or tablets, whatever, make sure that the operating system is up to the on all those devices, too, because anything on the network that gets compromised, could could have a knock on effect. Also change the default password on your home router. Now everyone's probably used to having that little slide out tab, or it's maybe on a sticker underneath the router or something. You can log in to the interface and it's worthwhile changing that too. While you're there and you're logged into the interface, we also recommend checking if there's any firmware updates or updating the software on the router, because if that goes out of date it can become open to compromise and most routers nowadays, especially BT home hubs, I can't talk for Virgin, but I've got a lot of experience with BT stuff. You can turn on guest access for your Wi-Fi. So basically, what that does is creates another Wi-Fi network which would segregate those devices from the machine you're using for business. I know there's not so many visitors and stuff or any visitors coming to people's houses at the moment but as that kind of lockdown restrictions are lifted, people have more people coming to their house and they're still working from home, don't just give out your Wi-Fi password and let them jump on the same network that you're using for business. Segregating that network out is some pretty good advice.
Caroline
That's really helpful and definitely something that I would not have known about. Thank you for that. Are there any other I.T. issues that employers should consider when agreeing or extending somebody's request to work from home?
Mark
Yeah. Bring your own device, I'll come back to that. If it's people's personal devices that really needs to be paid attention to specifically because what happens if an employee was to leave your employment or or were to move on and they still had company data on their devices? How would you handle removing data from a device that you don't own? That's that's a tricky area that can be dealt with by IT, but again, it comes down to the policies and agreements that you have in place with users. I did also mention about the data getting spread around. What if people are working on documents or they are on a device that is not being backed up? So you need to consider how you backup these other devices. There's a couple of the key issues that I would pick up on. But again, phishing, you know, over 90 percent of cyberattacks start with an email. So if you're not providing any sort of training on those things for users then you're running quite a high risk of someone just clicking on an email, because, as I said earlier, people can ask a colleague for a second opinion. So at worst, what they do at the moment, well, if they click on the link, obviously that's the worst that can happen. But you're seeing people actually forwarding emails to their colleagues so they get an email where they think it's a phishing email, then they forward that to someone else. So, now there's two chances that someone might click on the link or open an attachment. So yes, there is a real, real difficult problem.
Caroline
That does sound very, very tricky and troublesome for many employers, I would imagine, not to mention on personal networks.
Mark
Yes, it is difficult. And obviously, as an IT support provider ourselves, you know, we've got these challenges too where we have support requests coming in, where the users are having an issue. And, it turns out that the issue is with the user's home network. So there's the grey line between we are supporting the device and we are normally supporting that device in the company environment. Now the users at home are having a problem so there's a grey line for I.T. there, of how far to cross that line, because if its issues with the user's home network, is the employer going to pay us extra to cover that network or to provide the labour for that. So, yeah, we've just been doing it to help people out. But obviously, if people are going to work like that permanently, you know, ongoing then we will need to review how we handle those things. But up until now we've just been doing our best just to help people and be as helpful as we can.
Caroline
Sure, that's a good point actually and I think that was certainly something that I was very aware of when I set up my own business working from home, because when I did have I.T. problems and phone BT, for example, over a broadband issue, they always wanted to speak to my I.T. department. And of course, I was my I.T. department. But in other situations where people working from home for an employer, can they expect that sort of I.T. support? How would you, for example, be providing that?
Mark
Like I say, we support the device so we can get remote access to company devices and things like that. If an employer wants us to cover and provide I.T. support for someone's personal laptop, we know it's not a problem. We can install an agent and we do that. And then the employer basically picks up the tab and it gets added to the support agreement. How far employers will take that? I'm not sure. If you had a member of staff working at home and their home network had a problem and they couldn't work for you that day, would you be happy to pay the IT support bill to get that problem fixed? Because if they can't work, they can't get online, they can't work for you, then it's about a grey area, I think. You know, how do you handle that as an employer? Is the onus on the employee to make sure they have a working broadband and a working device and things like that? My view is that if you want someone to do work, you have to give them the tools to do the job. So really it's up to the employer to make sure that your staff have everything that they need to be able to do the job.
Caroline
Absolutely. And the additional costs that go with that? No doubt.
Mark
Yes. But, you know, employers have these costs anyway, whether it's in the office or whether it's at home. It just becomes a bit trickier, you know, for I.T. because we're operating in the dark quite a lot now because the company networks we know well, because we've installed a lot of the networks and provided all the systems in offices but we've not been to all the employees' homes. So we don't know what they have at home, we don't know who the broadband provider is or what wireless equipment they have. We don't know what laptop they're using. Is it up to date? Does it have a suitable anti-virus on it? We don't know any of these things so we're just kind of fire-fighting a little bit in the dark. But this is what businesses need to get a handle on to actually decide. If people are going to be working from home long term or on a permanent or semi-permanent basis, make sure that people have the right equipment in place so that if there are problems, everybody knows who's responsible for what.
Caroline
Thank you so much, Mark. That has been incredibly helpful. And I'm really grateful to you for joining us today. If people want to get in touch with you Mark, what's the best way of getting in touch with you please.
Mark
So our website is www.m3networks.co.uk, and our main phone number is 01738 237001.
Caroline
Do you have an e-mail mark as well, please?
Mark
Yes, my email address is [email protected]. And we're pretty active on social media, we're on LinkedIn, Facebook, Twitter and Instagram.
Caroline
That's lovely. Well, thank you very much for joining me today.
Mark
You're welcome. Thanks for having me.