Remote Work Risk Hits the Road with Digital Nomads
As COVID-19 lockdowns eased and companies grew more comfortable with the concept of long-term remote work, many employees seized the opportunity to hit the road and signed in from anywhere.
Digital nomads have been on companies’ radars for decades, but the title has primarily been conferred on people whose jobs benefit from frequent travel. For example, freelance writers or independent salespeople who caravan from one region to the next, working from anywhere as they meet with clients and conduct business across a country, have traditionally been called digital nomads. But with the widespread adoption of remote work, these possibilities are now open to many workers who were previously deskbound in a corporate office.
The number of location-independent workers increased by 112 percent between 2019 and 2021, according to MBO Partners’ 2021 State of Independence research study, and 15.5 million American workers describe themselves as digital nomads. They combine working remotely and traveling for various reasons and lengths of time, sometimes changing countries or continents. Others take “workcations” and working sabbaticals for weeks or months. Some cross borders, while others stay within a single country or area. The biggest shift, MBO Partners reported, was that traditional job holders have taken to this lifestyle, growing from 6.3 million digital nomads with traditional jobs in 2020 to 10.2 million in 2021.
[Free] ASIS Webinars
Learn cutting-edge, adaptable, and creative solutions to today’s most pressing security challenges; from Security Management, powered by ASIS International.
Seeing new and exciting locations isn’t the only motivation for digital nomads, however—there are cost savings to think of. The previous iteration of digital nomads worked from low-cost countries like Thailand while serving clients in the United States, leveraging what the MBO report calls “geoarbitrage”—combining low-cost living with income earned from employers in high-cost locations. Now employees are taking advantage of the same opportunity domestically. For U.S. employees, they may choose to travel away from higher-cost cities like San Francisco to work in Boulder, Colorado, or Austin, Texas.
At facility management company BGIS Global Integrated Solutions, conversations about digital nomadism popped up not because of remote work policies but because the company’s diverse workforce faced many different family-care challenges during the pandemic.
“BGIS is fortunate to have a diverse workforce spread across three continents; with that diversity comes a range of family commitments and obligations that spread around the world,” says Paul Huston, CPP, senior director for corporate security and CSO for BGIS. “As we started coming out of pandemic travel restrictions, some employees started to share their stories—a mother in Guatemala needing to move into a home, a father’s estate in Portugal needing to be closed, nephews and nieces in Singapore that hadn’t been seen in two years. Employees needed time to be present with their families and started asking how we could use our remote work policies to support their loved ones overseas, while at the same time ensuring we meet and exceed our clients’ expectations.”
Number of American workers with traditional jobs in 2021 who adopted digital nomad lifestyles.
Being able to offer these opportunities reaps rewards in terms of employee satisfaction. Almost 80 percent of digital nomads reported being satisfied with their income—slightly higher than reported by non-nomadic workers—and 85 percent said they were highly satisfied with their work and lifestyle, the MBO report found.
But digital nomadism isn’t just another remote work option, Huston says. Instead, it’s a form of remote work that brings a variety of unique risks that both the employee and the organization need to be aware of.
Financial risk. An employee working long-term in a different state, country, or region could result in different taxation rules. While a working vacation of a few weeks might not require different tax accommodations, stays of six months or more definitely could.
“There is no single answer for all of this in terms of a one rule that HR can look for,” says Nick Schacht, chief global development officer for the Society for Human Resource Management (SHRM). “HR needs to be aware of the laws regarding taxes that employees pay and therefore we need to withhold based on the location of those employees.”
In addition to taxation and benefits issues, digital nomads’ companies could be on the hook for increased roaming charges for company devices.
Duty of care. The lines between home and work life are increasingly blurred during remote work, and even more so when employees start to roam. Companies will need to consider whether an employee’s temporary location changes health insurance coverage, workplace safety risk, and more.
Employee risk. Some international employees have work visas or an immigration status that depends on them working in a specific location or region, says Todd Sowinski, senior director of enterprise risk management and corporate security for West Pharmaceutical Services, Inc. If one of these employees tries to work remotely abroad for a period of time, it could jeopardize his or her immigration or employment status.
Business operations. If an employee travels from a company headquarters on the East Coast of the United States and starts working remotely from Europe or Asia-Pacific, suddenly a business unit or team is split across many time zones. The employee may need to work late into the night to accomplish his or her tasks during the team’s overall business hours.
“That can be disruptive, not only for the team member but the team that they’re on and supporting,” Sowinski says.
ASIS Protection of Assets (POA)
Advance your mission. Accelerate your career. Security professionals worldwide rely on the Protection of Assets (POA) to navigate their toughest challenges and increase capacity to assess and mitigate risk.
Cybersecurity. Intellectual property could be at risk when employees start working from anywhere. When an employee accesses a known network from his or her assigned work location, it is a very different risk scenario to when a remote workforce is accessing potentially sensitive company property from a thousand different local networks, Sowinski says. When employees are accessing networks from foreign countries, those risks can be heightened.
Organizations should have an overarching policy about the use of technology and how to access networks, such as using a VPN, and apply the same rules to people who work from home and people who work while traveling, Schacht says.
“There’s an education part of this that needs to come into play, and the education piece can’t go just through IT—it needs to be something that’s done in conjunction with HR, in conjunction with leadership, and it can’t be just during October (National Cybersecurity Awareness Month). It needs to be a regular infusion of reminders,” he adds. “The best thing you can do is make sure your workforce is as aware as possible and then put in place what cyber tools you can. Unless you have rules saying you can’t work remotely, period, end of story, and an enforced policy on that, then any kind of remote work is going to carry a risk, and there is no blanket panacea to address it.”
Business continuity. If an organization does not know that it has critical employees working in Florida in the path of a hurricane, that organization might not have appropriate employee safety, emergency evacuation, and business continuity measures in place to cope.
“There is a constant concern of an unexpected natural disaster,” Sowinski says. “As people are scattered beyond our 25 global manufacturing locations or other office locations around the globe, it expands that area of concern. From a business continuity and crisis management standpoint, that can become a big challenge.”
All these varied risks also offer opportunities. At BGIS, clients’ security needs are addressed in every policy, including the management of sensitive technology and information. This culture of security and trust brings many stakeholders to the table when it comes to managing a widely dispersed workforce.
BGIS leverages an enterprise security risk management (ESRM) approach, which means “bringing in not just security, but other stakeholders who could be affected by an employee shifting to an overseas work environment,” Huston says.
When an employee applies to work outside his or her usual location, a multidepartment review process kicks off.
“The final okay rests at senior levels, with other areas offering their expertise to assess risks, mitigate risks, and outline the residual risk for acceptance,” he adds. “Security, of course, would look at crime, terrorism, state actors, and geopolitical factors; our partners in IT, human resources, health and safety, and finance would similarly look at an application from their own areas of expertise: cyber, tech support, benefits, workplace safety, taxes, visas, and so on.”
The process enables senior management to have a better handle on who is applying to travel and what could be at risk. The system also gives employees a better understanding of how to be secure while working elsewhere.
This process brought functions closer together at West Pharmaceutical Services, as well. “There wasn’t a day that went by that I wasn’t on a call with human resources and our global business travel coordinator and our supply chain, and talking through issues like this,” Sowinski says.
If a West Pharmaceutical employee wants to turn nomadic for a while, he or she fills out a global temporary remote work application, which captures details about the travel location, dates, and reason for the request. The request passes through the employee’s supervisor up to HR and the global remote travel team, which assesses the risk for that trip and makes a decision about whether to allow the travel. From there, the employee education effort begins.
Part of that effort includes leveraging lessons learned. For example, an employee who traveled home out of the United States—on approved travel, Sowinski adds—got stuck when the borders closed to travelers trying to leave. That unexpectedly extended trip put the employee’s immigration status in jeopardy and put the organization in a challenging situation.
“We can use the lesson of this one team member’s experience and help make people understand why we needed to monitor their travel situation and their work situation, and make sure we had full buy-in from their management,” Sowinski says.
Enhance your career and earnings potential with ASIS certification.
For Huston, the policy around digital nomads has been socialized across the organization, and HR has been a strong partner in getting the word out about the program and process—and that it is in place to protect the company, clients, and employees.
“Because our approach has been risk-based, efficient, and transparent, the feedback has been very positive,” he says.
To stand up a successful digital nomad policy, enterprises require buy-in and support from senior leadership, as well as engagement from clients and employees, Huston says. The risk management approach is also key—organizations should have a holistic view of the risks involved (not just security, but HR, finance, and benefits) and a risk-driven approach that focuses on identifying and mitigating risks and then having those risks assumed by leadership. All of this should be underlined by a simple, easy-to-understand process backed up by a variety of training sessions.
“We’re going to be living with some form of remote work as part of the new normal way of working,” Sowinski says. “And all of those elements—safety, security, accountability, crisis management—will all still exist, but we just know a little more now than we did two years ago on how to try manage through it, how to communicate, how to train, and how to be aware of it.”