Can you help us create a telework agreement

Brian’s company nearly collapsed last March. A sudden, mandatory shelter-in-place order, combined with a shockingly outdated IT infrastructure, meant his team couldn’t access vital customer data. Orders stalled, support requests piled up, and within weeks, revenue plummeted by 40%. He lost three key employees, and nearly his business. The problem wasn’t a lack of willing employees; it was a complete inability to transition to a remote work model. That crisis cost him over $75,000 in lost revenue and a painful lesson in the necessity of proactive, secure remote access solutions.

What are the key legal considerations when drafting a telework agreement?

As a cybersecurity and managed IT practitioner with over 16 years of experience helping businesses in Reno and beyond, I’ve seen firsthand how critical a well-defined telework agreement is. It’s about more than just letting employees work from home; it’s about protecting your business, maintaining compliance, and ensuring productivity. While a simple policy might suffice initially, a robust agreement should cover several key areas. Nevada’s legal landscape adds specific requirements that many businesses overlook.

First, you must address data security. NRS 603A.215 mandates “reasonable security measures” to protect personal information. This isn’t just a suggestion; it’s a legal obligation. Your telework agreement must clearly outline employee responsibilities for safeguarding company data on personal devices, including requirements for strong passwords, multi-factor authentication, and secure network connections. Specify acceptable use policies for company-owned equipment as well.

Second, clarify ownership of work product. The agreement should explicitly state that any work created while teleworking is the property of the company, regardless of location. This protects your intellectual property and prevents disputes over ownership. Consider outlining how company intellectual property must be protected – for example, prohibiting work on public Wi-Fi networks when handling sensitive data.

Third, and often overlooked, is the issue of workers’ compensation. Clearly define the scope of work covered by workers’ compensation while employees are teleworking. Is their home office considered a “workplace” for injury purposes? This requires careful consideration and potentially consultation with legal counsel.

What technical safeguards should be included in a telework agreement?

The legal aspects are vital, but they are useless without robust technical safeguards. The telework agreement must integrate with your IT security policies and dictate how employees will securely connect to your network and access company resources.

Strong Authentication: Mandate multi-factor authentication (MFA) for all remote access. This adds a critical layer of security beyond just a password.
Virtual Private Network (VPN): Require employees to connect to the company network through a secure VPN. This encrypts all data transmitted between the employee’s device and your servers.
Endpoint Security: Ensure all devices used for telework have up-to-date antivirus software, firewalls, and intrusion detection systems. Consider implementing endpoint detection and response (EDR) solutions for advanced threat protection.
Data Encryption: Encrypt sensitive data both in transit and at rest. This protects data even if a device is lost or stolen.
Regular Security Updates: Specify that employees must promptly install security updates for their operating systems and software.

How can we address data privacy concerns and Nevada’s SB 220?

Nevada Senate Bill 220 (NRS 603A.340) gives consumers the right to opt-out of the sale of their personal information. While “sale” has a specific legal definition, any collection and use of customer data during telework must be handled responsibly and transparently. Your agreement should reinforce your company’s commitment to data privacy.

Specifically, your telework agreement should include clauses stating that employees will adhere to all applicable data privacy regulations, including SB 220. Detail how employees are expected to handle Personally Identifiable Information (PII) – what constitutes PII, how it should be stored, and who has access. Also, include your designated request address for consumers to exercise their opt-out rights under SB 220. This needs to be prominent in your public-facing privacy policy, as well.

Furthermore, emphasize the importance of secure data handling practices. For example, prohibit the use of personal email accounts for company business and require employees to use approved communication channels. Train employees on recognizing and avoiding phishing scams and other social engineering attacks, which are more prevalent when employees are working remotely.

Finally, review your incident response plan to ensure it covers remote work scenarios. How will you handle a data breach on an employee’s personal device? Who is responsible for investigating the incident? Having a clear plan in place will minimize damage and ensure compliance with Nevada’s breach notification laws (NRS 603A.010 et seq.).

To ascertain more about these topics, check out these resources:

• What is the ROI of investing in IT strategy services?
• Do I need to buy new hardware for the cloud?
• Is a roadmap helpful for managing remote work infrastructure?

About Scott Morris and Reno Cyber IT Solutions LLC.

Visit Reno Cyber IT Solutions LLC.:

Address:

Hours: Open 24 Hours