REMOTE WORK RISK ASSESSMENT THE CREDIT UNION UTILIZES A

use Remotely Piloted Vehicle Combines gps With Cadastral
031822 25 INVESTIGATIONS OF REMOTE PLASMA IRREGULARITIES BY RADIO
1 DEFINE THE AFREMOTE SERVER TO THE COMMUNICATION MANAGER

1201-styremote
15 Optimizing File Replication Over Limitedbandwidth Networks Using Remote
1500 GPM REMOTE CONTROLLED AERIAL PLATFORM MONITOR TASK FORCE

Remote Work Risk Assessment

The Credit Union utilizes a remote work environment for certain, qualified positions. Remote work is a privilege and not a right. Not all positions at the Credit Union are suited for a remote work environment. Additionally, not all employees are suited to work remotely. The Credit Union uses discretion when permitting an employee to work remotely. Employees participating in the telecommuting program will be asked to sign agreements which detail their responsibilities, rights, and duties under the program. The Credit Union understands and seeks to mitigate the additional risk associated with remote work.

Technology

Risk Description	Inherent Risk	Mitigating Strategies	Residual Risk Level
Risk of multiple individuals or third-parties accessing devices which may contain member sensitive information.		Limitation of employees permitted to work from home. Cyber and bonding insurance. Updated security standards for remote applications. Training on security protocols while working from home. Limit access of information/systems when working remotely. Review of user logs. Restrictions on sites and applications that can be used and access from remote devices.
Risk of unauthorized devices accessing credit union systems and information.		Restricting the ability to work remotely unless on approved devices. User access restricted to the lowest possible levels. Reviews of user logs to detect suspicious activity. Required list of hardware and software to be utilized by remote employees. Restrictions on sites and applications that can be used and access from remote devices.
Increased opportunity for malware or other viruses by employees accessing higher risk websites.		Testing incident response. Intrusion detection software and programs. Review of user logs. Restrictions on sites and applications that can be used and access from remote devices. Antivirus/Anti-malware software on all devices.
Unauthorized administrative changes to remote devices and software.		Periodic review and approval of user permissions. Restrictions/limitations on changes being made to devices. Multifactor authentication for critical applications.
Risk of losing data stored on personal devices		Encryption of data in transit or at rest. Limitation of activity on personal devices.
Zoom calls or online meetings being joined by unauthorized third-parties.		Required employee training. Central coordination and support for video conferencing software. Password requirements.
Failure to apply patches and application upgrades.		Vulnerability, patching and application update tools.
Risk of unsecure methods of sharing information being utilized.		Encryption of data in transit or at rest. Reports and systems to monitor employee activity.
Risk of unreported or unmitigated responses to cyber incidents or attacks.		Intrusion testing by third-party. Employee phishing testing. Testing incident response plan and process. Antivirus/anti-malware software on all devices.

Policy Considerations:

Appropriate Workspace. Employees are responsible for designating and safely maintaining appropriate workspaces within their remote work locations. The workspace and remote work location must be appropriate for conducting business, free of distractions, and approved by Management.

Compliance with Credit Union Policies. Telecommuters are expected to comply with Credit Union policies (with the possible exception of the Dress Code policy and any other exceptions approved by Management). Telecommuting employees should take special care to ensure that they meet Credit Union standards in the areas of confidentiality (including safeguarding of information), conflict of interest, overtime (including properly tracking hours and receiving appropriate authorization for overtime), outside employment, security, and the Drug/Alcohol policy.

Equipment.

Provided at Credit Union Discretion. The Credit Union will provide equipment for telecommuting as it deems appropriate. All decisions regarding the type, quality, and nature of equipment and supplies will be made by the Credit Union and all equipment remains Credit Union property.
Duty of Care. Employees are responsible to protect and care for all equipment, for routine equipment maintenance, and for supplies assigned to them. Property damage or loss (except normal wear and tear) is the responsibility of the telecommuting employee. Employees should immediately notify management of any equipment problems.
Restricted Use of Equipment. All Credit Union-provided equipment and supplies may only be used for job-related, business purposes. Personal use as well as loading of personal software on Credit Union computers is strictly prohibited. Employees must comply with all Credit Union communication policies. (See Communication and Information Systems.)

Human Resources

Risk Description	Inherent Risk	Mitigating Strategies	Residual Risk Level
Increased opportunity to take member information home and use fraudulently.		Limitation of employees permitted to work from home. Cyber and bonding insurance. Third-party information security reviews. Increase review of employee accounts.
Increased opportunity to take member information home and being discovered by unauthorized third-parties or lost.		Limitation of employees permitted to work from home. Cyber and bonding insurance. Internal audit of physical remote workspaces. Restrictions and prohibition on member information being taken out of the office, copied, or compromised in any way.
Increased risk of theft of devices that maintain member sensitive information.		Limitation of employees permitted to work from home. Cyber and bonding insurance. Limit access of information/systems when working remotely. Internal audit of physical remote workspace and appropriate storage and security protocol.
Conversations, which may include discussions about member information, being overheard by a third-party.		Required employee information security training. Internal audit of physical remote workspaces Prohibition on working in public spaces (e.g., coffee shop)
Unsecured internet connections by employees at home		Inability to work remotely without appropriate, secured access. Strong passwords and encryption keys mandatory for Wi-Fi routers. Internal audit of remote connections and standards.
Unauthorized sharing of sensitive information through unauthorized Bluetooth connections		Prohibition on voice activated devices near workstations. Internal audit of physical remote workspaces.
Performance standards not being met		Policies in place to outline expectations of remote work program. Job description outlined and performance meetings and expectations communicated in line with HR policy.

Policy Considerations:

Telecommuting Employees Remain Employees-at-Will. Participation in the Telecommuting Program does not create a contract of employment and does not grant an employee any right to continued employment. Telecommuting does not alter an employee's status as an “at-will” employee. All employees (including Telecommuters), except those with individual employment contracts signed by the President/CEO and expressly providing for employment other than at-will, may be terminated at any time, with or without cause.

Communication.

Maintaining Communication. Telecommuting employees should be reachable by phone during business hours. Telecommuters should notify the main office if they leave their telecommuting location and should maintain close communication with managers and co-workers. Any work-related concerns or problems should be communicated as soon as possible.
Accident Reporting. Remote site injuries or accidents should be reported immediately.

Risk Categories for Consideration:

Credit Risk – possibility that a borrower or counterparty will fail to meet the terms of any contract with the credit union or otherwise perform as agreed, impacting the credit union’s earnings or net worth.
Interest Rate Risk – risk that changes in market rates will adversely affective a credit union’s net worth and earnings.
Liquidity Risk – risk to earnings or net worth that arises from a credit union’s inability to meet its obligations when they become due, without incurring materials costs or unacceptable losses.

Transaction Risk (aka – Operating or Fraud Risk) – risk to earnings or net worth arising from fraud or errors that result in an inability to deliver products or services, maintain a competitive position, and manager information. This risk is a function of internal controls, employee integrity, and operating processes.
Compliance Risk – risk to earnings or net worth arising from violations of, or nonconformance with laws, rules, regulations, prescribed practices, internal policies and procedures or ethical standards.
Strategic Risk – risk to earnings or net worth arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes.
Reputation Risk – risk to earnings or net worth arising from negative public opinion or perception.
Concentration Risk – risk when a concentration in a particular investment, product or service offering, o other area creates the potential for losses large enough to threaten the credit union’s solvency.

Resources

REMOTE WORK RISK ASSESSMENT THE CREDIT UNION UTILIZES A

20080824%20Styremote
2ND INTERNATIONAL SYMPOSIUM RECENT ADVANCES IN QUANTITATIVE REMOTE SENSING
2ND PACIFIC OCEAN REMOTE SENSING CAPACITY BUILDING WORKSHOP ON

Tags: assessment the, utilizes, credit, union, assessment, remote