In early 2020, hundreds of thousands of businesses had to move workers out of the office to their homes as quickly as possible in light of the COVID-19 pandemic. There wasn’t much time for deliberation. Sorting through all the logistics of a remote workforce can prove challenging to manage even in the best of times. So it’s easy to imagine the unsettling atmosphere and short timeframe made it especially difficult for these businesses. Yet, it had to be done. Now, even as shelter-in-place restrictions have lifted for many, a large number of organizations continue to work remotely. In fact, many see telework as a potentially viable long-term solution.
However, operating a remote workforce comes with inherent risks and concerns businesses must account for on a regular basis. If you’ve switched to a work-from-home structure at your organization, you’ve probably encountered a few of them already. From preventing cybersecurity incidents and fraud to ensuring sales tax is properly calculated for NEXUS, if you intend to maintain even a partially remote workforce, you must stay informed and vigilant. Doing so will help you protect your business, even as restrictions relax and having remote workers becomes the new normal.
Cybersecurity for Remote Employees
It’s imperative to protect your data and infrastructure from attack as your employees work from home. Cybercriminals are using this turbulent time to prey on people who have their guard down. A recent study by OPENVPN found that one in three organizations have dealt with a security incident due to an unsecured remote worker. The same study found that 70 percent of IT professionals believe remote staff pose a greater risk than onsite employees. These remote technology environments are vulnerable in different ways than in-office environments. And, understanding that a cyberattack could be devasting, it’s important to practice prevention and put the right tools, systems and procedures in place to protect your organization.
To start, you must understand and broadcast security basics to your entire organization to protect your systems and data. Everyone needs to remain vigilant with common phishing scams and entry points, like outside emails and text messages with links and attachments. But there’s more to it than that. Learn and follow these cybersecurity tips for managing remote workers and remote work environments:
Looking for more guidance in preparing for and protecting yourself from a cybersecurity incident? We developed a detailed ebook to help businesses make sense of all things cybersecurity.
Fraud Considerations with Remote Workers
Your organization is more at risk for fraud with employees working from home. Many employees are challenged in conducting tasks as they normally would and might neglect to take the necessary precautions to follow protocols. Some examples of fraud you might encounter, be they intentional or accidental, include:
Taking the time and effort to conduct complete and precise work will pay off in the long run. Develop a formal, written ethics policy establishing your stance on fraud, detailing what is expected from each employee, and documenting how fraudulent activity will be punished.
It’s also critical to proactively identify areas where fraud could arise in your organization and ensure you have proper segregation of duties to avoid risk.
Here’s what to look for when it comes to fraud.
Remote Working Technology Considerations
When establishing your remote workforce, technology considerations are paramount. You must have IT in place to manage and maintain technology, software, network security and support for your employees. If you don’t have an IT department at your organization, consider outsourcing your IT. Review your technology consulting options to make sure you’re adequately covered.
There’s a lot to consider when it comes to your technology needs.
Eide Bailly offers support to help.
Learn more about our IT Managed Service Support.
Another crucial consideration for remote work technology is establishing protocols. Technology protocols protect your people and data in remote work situations. Some organizations were better prepared for the transition to remote technology environments than others. However, no matter your preparedness, all organizations should take the following key steps to ensure proper technology protocols when working out-of-the-office. You’ll notice instances of cross-over with cybersecurity protocols here, as the two frequently overlap.
Security Concerns with Zoom
In terms of concerns with remote work technology, users found many security issues with Zoom meetings in 2020 as hundreds of thousands of meetings went from in-person to virtual. The free version in particular was easy for cybercriminals to take advantage of. Disruptive tactics like Zoombombing, where an uninvited attendee enters a meeting, became such a significant issue for schools in early 2020 that even the FBI took notice and many schools banned the platform. To bolster their security, Zoom made several adjustments throughout the year, including:
Many of these adjustments are “optional,” so be sure to follow the recommendations for using the platform securely.
Complying with Nexus Tax Laws
With workers in various locations away from the physical office, making certain to file the necessary state and local taxes to be compliant is imperative. If your business sells to customers or operates in multiple jurisdictions, you may be required to file additional tax returns.
In regard to tax law, nexus occurs when a business has a connection to a state other than the one in which the business primarily resides. These connections can be created through an employee’s physical presence in a state performing services on behalf of a business, through the use of contractors, or via remote internet sales, including sales through marketplace facilitators. Depending on how you’re deriving revenue, your business could be subject to a variety of taxes such as income, franchise, gross receipts, and sales and use.
International Tax Considerations
Companies and employees are seeing value in the “work from anywhere” culture, from reduced commute times to employee acquisition and retention. Increasingly, companies are being asked to consider – what happens when “work from anywhere” includes a foreign country?
An employee working in another country has the potential to create a taxable presence, or permanent establishment (PE), for their employer in that country. Countries often use concepts analogous to U.S. state “nexus” to connect cross-border business to their income tax. If the employee is in a country with which the US has a double tax treaty, then a higher threshold generally exists to create a PE. In general, the treaty provides that a PE is established if there is a fixed place of business (e.g. an office) through which the business of the company is carried out or if the employees has authority to bind/contract on behalf of the U.S. company and habitually exercises such authority. Even if a treaty is applicable, it will generally only impact income taxes and not other taxes such as indirect taxes, payroll and social taxes. In the event that the activity creates a PE, the company will be required to file a tax return to report the income allocable to the activity creating nexus.
Most countries have indirect taxes that are similar to sales and use tax in the US such as Value Added Tax (VAT) and Goods and Services Tax (GST). Having an employee in a country could trigger the obligation to register for and remit these taxes. For instance, let’s assume that the company has been selling into a foreign country for some time but had no employees or physical property there. Due to personal reasons, the sales person decides to move back home to that foreign country and manage their sales activity from there. This change could trigger the obligation to register for, collect, and remit VAT or GST on sales to customers in that country.
Similar to the US, other countries apply multiple taxes to employment income. For income tax, countries generally tax individuals based on the time spent working in the country. If the employee is in a treaty country, there could be an exemption from tax if they are there for a certain period, often 183 days. However, this exemption may not apply to other taxes such as social taxes and employment taxes. In addition, an employer could be liable to register and remit income tax withholding, social and other employment taxes.
When to Outsource Remote Support
As organizations run leaner with limited staff, they may need help maintaining necessary functions like accounting. If you don’t have teams of support staff in-house, consider outsourcing various services to manage your organization’s needs. Key areas to consider are IT, payroll and accounting.
Issues to consider when researching outsourcing options include: expertise, reputation, trust, value, accessibility, responsiveness and flexibility. Outsourcing might be ideal for you because you can determine the scalability that is ideal to your economic situation at any given time.
HR and Internal Communications with Remote Workers
It’s important to communicate with your remote workers and ensure they feel supported. Business leaders should regularly communicate, reinforcing their vision, goals and any short-term adjustments that are being made.
HR should make sure remote employees have what they need to conduct their work. Reminding employees of benefits available to them to assist in addressing the new “norm” can help reduce fear and/or stress. Managers should have regular meetings and informal checkups with their team. Make sure you stay in touch with your employees and are transparent concerning your organization’s response to new regulations, changes to business operations and the status of the organization. Doing so may eliminate the element of surprise and allow employees to feel more secure.
For people who are used to the more structured and social nature of an office setting, it can be difficult to continue working from home. Schedule lunches or social gatherings via Zoom so employees can interact and connect with co-workers.
In a time of fear and uncertainty, any amount of reassurance and support you can provide goes a long way. How you communicate and care for employees as the crisis continues – and even after it’s subsided – could have a lasting effect on the strength and stability of your organization.
Remote Working and Unique Industry Considerations
Throughout 2020, business owners came up with strategic ways to safely conduct business while minimizing the spread of COVID-19. Certain industries had unique considerations in this challenging new business environment, such as retail, restaurant, fitness and healthcare organizations. Those challenges continue, and many are likely to continue as people begin to prefer virtual, remote and contact-free services even after the pandemic subsides.
Impact of Remote Work and Telemedicine in the Healthcare Industry
Healthcare organizations have specific issues to consider when it comes to remote working. Since this pandemic, telemedicine has expanded to allow a range of healthcare providers, including doctors, nurse practitioners, physician assistants, clinical psychologists and licensed clinical social workers, to offer telehealth services for routine office visits, mental health counseling and preventative health screenings. However, the regulations can be relatively complex.
As with any industry, your technology and tools to facilitate quality customer/patient care are paramount. Review all your software and communication tools to make sure you have everything you need to serve your clientele, as well as remain compliant. You may also want to consider reviewing your insurance coverage to make sure you are fully covered and your payment structure to account for your new business reality.
Cybersecurity is a top concern for healthcare organizations, as they must protect highly sensitive personal and medical information. Learn how leadership can better manage cybersecurity in health systems today.
Impact of Remote Work in Governmental Entities
Governmental entities, like school districts, face many challenges operating in more remote environments. One that stands out, however, is the potential for fraud. Fraud has always been a top issue for governments, with corruption topping the list. Corruption in government organizations include activities like bribery and blackmail. Such activities are easier to carry out when so much communication happens over remote tools: video calls, emails, etc. Governments must put processes in place, such as internal controls, fraud policies and anonymous third-party reporting systems, to prevent fraud at their organizations.
Impact of Remote Work in Nonprofit Organizations
As with all industries, nonprofits have to manage technological and cybersecurity challenges related to remote work. However, most must also navigate grant compliance with every decision they make, whether that’s a making a technology investment to enable remote work or paying salaries while closed. Additionally, they must ensure that their online payment options are secure for online giving and come up with creative, digital outreach initiatives in the absence of in-person events and fundraisers.
Understanding the Business Impact of Remote Working
You need to keep your business top of mind, especially when it’s entirely remote. Following the guidance outlined in this article will help strengthen and protect your business, empowering you with a solid plan to move forward, whether today’s challenges persist or if you remain remote out of preference.
Changing to a remote work environment has likely meant changes to processes and controls at your business. What does that mean for compliance and auditing?