Businesses had to move workers out of the office and into their homes as quickly as possible due to the COVID-19 pandemic in 2020 and many remain remote workers today. Fine-tuning the logistics of a remote workforce can prove challenging even in the best of times.
Operating a remote workforce comes with inherent risks and concerns businesses must account for on a regular basis. If you’ve switched to a work-from-home structure at your organization, you’ve probably encountered a few of them already, such as preventing cybersecurity incidents and fraud or perhaps ensuring sales tax is properly calculated for nexus. Many organizations continue to work remotely, have started offering telework, or hybrid scenarios.
Whether your whole company is considering going remote full-time or maintaining a partially remote workforce, you must stay informed and vigilant to protect your business’ security and prevent fraud. Other key factors you will need to consider are providing adequate technology, supplies and communication to your remote employees as well as adhering to proper tax rules and regulations.
It’s imperative to protect your data and infrastructure from attack as your employees work from home. Cybercriminals are at an all-time high. One in three organizations have dealt with a security incident due to an unsecured remote worker, according to a study by OPENVPN. The same study found that 70 percent of IT professionals believe remote staff pose a greater risk than onsite employees.
Remote technology environments are vulnerable in different ways than in-office environments. Given that cyberattacks can be devastating, it’s important to practice prevention and put the right tools, systems and procedures in place to protect your organization.
To start, you must understand and broadcast security basics to your entire organization. You are no doubt familiar with common phishing scams and entry points, like outside emails and text messages with links and attachments, but there’s more to it than that. Everyone at your organization needs to be vigilant, not just remote workers.
Follow these cybersecurity tips for managing remote workers and remote work environments:
Looking for more guidance in protecting yourself from a cybersecurity incident? We developed a detailed ebook to help businesses make sense of every aspect of cybersecurity.
Your organization is more at risk for fraud with employees working from home. Some examples of fraud, whether intentional or accidental, include:
Taking the time and effort to conduct complete and precise work pays off in the long run. Develop a formal, written ethics policy that establishes your stance on fraud. Detail what is expected from each employee, and document how fraudulent activity will be punished.
It’s also critical to proactively identify areas where fraud could arise in your organization and ensure you have proper segregation of duties to avoid risk.
Here’s what to look for when it comes to fraud.
When establishing your remote workforce, technology considerations are paramount. You must have proper IT resources in place to manage and maintain technology, software, network security, and support for your employees. If you don’t have an IT department at your organization, consider outsourcing your IT. Review your technology consulting options to make sure you’re adequately covered.
There’s a lot to consider when it comes to your technology needs. Eide Bailly offers support to help.
Another crucial consideration for remote work technology is establishing protocols. Technology protocols protect your people and data in remote work situations.
All organizations should take the following steps to ensure proper technology protocols when working out-of-the-office. You’ll notice instances of cross-over with cybersecurity protocols here, as the two frequently overlap.
Zoom users experienced security issues with their meetings in 2020 because the free version was easy for cybercriminals to access. Disruptive tactics like Zoom bombing, where an uninvited attendee enters a meeting, became such a significant issue for schools in early 2020 that even the FBI took notice, and many schools banned the platform.
To bolster their security, Zoom made several adjustments throughout the year, including:
Many of these adjustments are “optional,” so be sure to review all security options and how to enable them on your preferred web conferencing platform, then communicate consistent practices for use.
With workers in various locations, it’s imperative to file the necessary state and local taxes. If your business sells to customers out of state or operates in multiple jurisdictions, you may be required to file additional tax returns.
With regard to tax law, nexus occurs when a business has a connection to a state other than the one in which the business primarily resides. These connections can be created through an employee’s physical presence in a state performing services on behalf of a business, through the use of contractors, or via remote internet sales, including sales through marketplace facilitators. Depending on how you’re deriving revenue, your business could be subject to a variety of taxes such as income, franchise, gross receipts, and sales and use taxes.
As companies and employees see the value in the “work from anywhere” culture, the next challenge to tackle is when “work from anywhere” includes a foreign country.
An employee working in another country has the potential to create a taxable presence, or permanent establishment (PE), for their employer in that country. Countries often use concepts analogous to U.S. state “nexus” to connect cross-border business to their income tax.
If the employee is in a country with which the U.S. has a double tax treaty, then a higher threshold generally exists to create a PE. In general, the treaty provides that a PE is established if there is a fixed place of business (e.g. an office) through which the business of the company is carried out or if the employees have authority to bind/contract on behalf of the U.S. company and habitually exercises such authority.
Even if a treaty is applicable, it will generally only impact income taxes but not other taxes, like indirect taxes, payroll or social taxes. In the event that the activity creates a PE, the company will be required to file a tax return to report the income allocable to the activity creating nexus.
Most countries have indirect taxes that are similar to sales and use tax in the U.S., such as Value Added Tax (VAT) and Goods and Services Tax (GST). Having an employee in another country could trigger the obligation to register for and remit these taxes. For instance, let’s assume that the company has been selling into a foreign country for some time but had no employees or physical property there. Due to personal reasons, the sales rep decides to move to that foreign country and manage their sales activity from there. This change could trigger the obligation to register for, collect and remit VAT or GST on sales to customers in that country.
Similar to the U.S., other countries apply multiple taxes to employment income. For income tax, countries generally tax individuals based on the time spent working in the country. If the employee is in a treaty country, there could be an exemption from tax if they are there for a certain period, often 183 days. However, this exemption may not apply to other taxes, such as social taxes and employment taxes. In addition, an employer could be liable to register and remit income tax withholding, social and other employment taxes.
As organizations run leaner with limited staff, they may need help maintaining necessary functions like accounting or IT services. If you don’t have staff in-house, consider outsourcing various services to manage your organization’s needs. Key areas to consider are IT, payroll, accounting and cybersecurity.
Issues to consider when researching outsourcing options include: expertise, reputation, trust, value, accessibility, responsiveness, and flexibility. With outsourcing, you can determine the scalability that is ideal to your economic situation — at any time.
It’s important to communicate with your remote workers regularly and ensure they feel supported. Business leaders should frequently communicate, reinforcing their vision, goals, and any short-term adjustments that are being made.
HR should make sure remote employees have what they need to conduct their work. Reminding employees of benefits available to them to assist in teleworking can help reduce fear or stress. Managers should have regular meetings and informal check-ins with their team.
Stay in touch with your employees and be transparent about your organization’s response to new regulations, changes to business operations, and the status of the organization. Doing so eliminates the element of surprise and allows employees to feel secure.
For people who are used to the more structured and social nature of an office setting, it can be difficult to continue working from home. Schedule lunches or social gatherings via Zoom so employees can interact and connect with co-workers.
How you communicate and care for employees has a lasting effect on the strength and stability of your organization.
Cybersecurity is a top concern for healthcare organizations, as they must protect highly sensitive personal and medical information. Learn how leadership can better manage cybersecurity in health systems today.
Healthcare organizations have specific issues to consider when it comes to remote working. Since the COVID-19 pandemic, telemedicine expanded to allow a range of healthcare providers, including doctors, nurse practitioners, physician assistants, clinical psychologists and licensed clinical social workers, to offer telehealth services for routine office visits, mental health counseling and preventative health screenings. However, the regulations can be complex.
As with any industry, your technology and tools to facilitate quality patient care are paramount. Review all software and communication tools to ensure you have everything you need to serve your clientele while remaining compliant. You may also want to consider reviewing your insurance coverage and payment structure to account for conducting remote work.
Governmental entities and school districts face many challenges operating in remote environments. One that stands out is the potential for fraud. Fraud has always been a top issue for governments, with corruption topping the list. Corruption in government organizations include activities like bribery and blackmail. Such activities are easier to carry out when so much communication happens over remote tools, like video calls and emails. Governments must establish protocols, such as internal controls, fraud policies and anonymous third-party reporting systems, to prevent fraud in their organizations.
As with all industries, nonprofits have to manage technological and cybersecurity challenges related to remote work. However, most also have to navigate grant compliance with every decision they make, such as investing in a particular technology, or enabling remote work. Additionally, they must ensure that their online payment options are secure for online giving and come up with creative, digital outreach initiatives in the absence of in-person events and fundraisers.
You need to keep your business top of mind, especially when it involves remote work. Following the guidance outlined in this article will strengthen and protect your business, empowering you with a solid plan to move forward.
The rise in popularity and need for remote work options provides benefits and challenges for organizations. As you implement or review remote working processes, take the opportunity to change policies and controls to ensure your organization and people stay safe and compliant. Remember to keep your organization’s integrity and effectiveness at the forefront and consider what functions you should handle in-house and those which could be outsourced for your continued success.