Tag: security

Categories
Relocation Policy Review

2024 Trends: Top 5 Relocation Policy Risks

Removal company helping a family move out of their old home

Stay in the know about relocation services

In today’s relocation and talent mobility sector, there is a growing concern about unexpected risks related to relocation policies. These risks cover a range of areas, such as tax implications, cyber security threats, employee well-being, and other essential factors. It is crucial to comprehensively understand these risks and how they could affect your organization’s relocation program.

As organizations navigate the ever-changing landscape of relocation and talent mobility, staying informed about the top risks that could impact your relocation policies is essential. By being aware of potential tax implications, cyber security threats, and employee well-being concerns, you can proactively address these risks and ensure a smooth relocation process for your employees.

One key factor to consider is the impact of tax implications on your relocation policies. Changes in tax laws and regulations can significantly impact the cost of relocating employees and the overall budget for your relocation program. By staying up-to-date on tax laws and seeking guidance from tax experts, you can mitigate the risk of unexpected tax liabilities and ensure compliance with all relevant regulations.

Another substantial risk to consider is cyber security threats. With the increasing reliance on technology for managing relocation programs, organizations are vulnerable to cyber attacks that could compromise sensitive employee data. You can protect your organization and employees from potential data breaches by implementing robust security measures, such as encryption and multi-factor authentication.

Employee well-being is also critical to consider when assessing relocation policy risks. Relocating employees may experience stress, anxiety, and other challenges during relocation, impacting their productivity and overall well-being. By providing support services, such as counseling and relocation assistance, you can help employees navigate relocation challenges and ensure a successful transition to their new location.

In conclusion, understanding and addressing the top risks related to relocation policies is essential for ensuring the success of your organization’s relocation program. By staying informed, implementing security measures, and prioritizing employee well-being, you can mitigate risks and create a positive employee relocation experience.

Top 5 Relocation Policy Risks Your Company is Facing Today

1. “Work from Anywhere” Policy Risks: Possible Looming State Tax Issues

At the start of the pandemic in the US, many companies hastily arranged to allow employees to work from home. While this solution had apparent safety and cost savings benefits, unintended consequences became apparent.

  • Employee Taxes: Many employees living and working across state lines may have additional state tax and reporting obligations.
  • Employer Taxes: Work from Anywhere policies essentially resulted in a corporate relocation, often involving the employee, office equipment, and company records.

While this unforeseen complication is being considered in the courts, companies should examine the impact and implications of this corporate relocation on the employer and the employees. Consideration should be given to the impact on payroll tax withholding and reporting obligations. State tax issues could have ramifications for new hires, transferees, employees suddenly working from home, and employers.

2. Cyber Security Policy Risks: Phishing versus Vishing

Another year, another new cyber threat. With more employees working from home, organizations have faced new security challenges. Vishing is the latest threat, a verbal form of phishing. With vishing, a scammer might masquerade as a computer technician from the company’s IT team and call an employee to inquire about their computer setup. By asking a few critical questions of the unsuspecting employee, the scammer can now suddenly enter the company’s data system.

Understanding the risks that both phishing and vishing present to employees working remotely is important to employers. With some companies now working 100% remotely, employees working remotely should be considered a possible risk for these scams. Robust security policies and training adapted for the new normal should be weighed and implemented.

3. Travel Policy Risks: Guidance, Changes, and Emergencies

The idea that “change is a constant” is easily applied to travel. Travel has become more complicated with new guidance, bans, and updates daily. Frequent changes to travel policies and rules impact companies’ ability to attract talent, relocate employees, and conduct business. The challenges associated with travel are applicable not only internationally but also domestically.

At any point, one state may require something new from travelers arriving from another state. Various borders between countries may be subject to restrictions or closures, generating emergency repatriation requests. Agencies such as the U.S. State Department or the U.S. Centers for Disease Control and Prevention (CDC) might revise previously stated guidelines.

Employers should recognize a duty to provide updated information and guidance for all traveling employees. Correct information and advice will help employees better understand how to travel safely during the pandemic.

4. Immigration Policy Risks: Nearshoring may be an Option

COVID-19 has resulted in border restrictions and closures, which, in turn, impact immigration. However, other efforts in the immigration system further dampen an employer’s ability to hire global talent. One solution is the concept of “nearshoring.”

By leveraging a location in Canada or some other nearby country, a company can hire foreign talent and bring them near to the US. Often, this helps the new hire acclimate to life in North America. Future changes in the immigration system may allow them to enter the US at a later date. Relocation policies should be reviewed, along with consultation with a qualified visa and immigration expert, to account for alternative options such as nearshoring.

5. Health and Safety Compliant Providers: Ensuring Safety Policies are in Place

It should not come as a surprise that, during a global pandemic, companies must ensure enhanced health and safety policies are in place for their employees. All relocation services provided during a move should be analyzed for policy risks to help minimize exposing their employees and families to the dangers of COVID-19.

Top-rated Relocation Management Companies, like Global Mobility Solutions (GMS), regularly work with their supplier networks to ensure the latest guidance from officials (like the CDC) is observed and incorporated into their operations. Appropriate social distancing, regular hand washing, face coverings, and virtual relocation services are vital in protecting our client’s employees and the team members assisting with the relocation.

What Should Companies Do for Relocation Services?

Employers should schedule a relocation policy review with a trusted mobility expert to identify how this article’s top 5 policy risks may affect aspects of their relocation program. By working with an experienced relocation management company, organizations can leverage the mobility provider’s expertise in benchmarking their policies and identifying areas that will reduce the risks of COVID-19 on their relocating employees and their families.

GMS’ team of global relocation experts has helped thousands of organizations understand how to develop relocation policies that provide the best experience for new hires, transferees, and their family members. Our team can help your company understand how to review your relocation policy and address issues relating to the top 5 policy risks outlined above. As a result, your company will be able to remain competitive in its industry. It will also continue to attract the best candidates for job openings.

Contact our experts online to schedule a complimentary relocation policy review, or call us at 800.617.1904 or 480.922.0700 today.

We're Here to Help! Request a Courtesy Consultation

Are you ready to talk to a Mobility Pro? Learn how GMS can optimize your mobility program, enhance your policies to meet today’s unique challenges, receive an in-depth industry benchmark, or simply ask us a question. Your Mobility Pro will be in touch within 1 business day for a no-pressure, courtesy consultation.

Categories
Relocation Technology Security & Privacy

SOC and Relocation: The Importance of Data Security

Developing programmer Development Website design and coding technologies working in software company office

There is no doubt that the COVID-19 pandemic has had a great impact on many relocation management companies’ compliance with System and Organization Controls (SOC). In fact, data privacy trends have played a heavy role in shaping the future of data privacy and protection for companies everywhere. These trends were further accelerated by the pandemic.

Information and data security should be a big concern for all types of organizations. Even more so for those companies that outsource major business operations to third-party vendors. Almost all corporate relocation companies fall into this category. To ensure the private information of their transferees is protected, companies often look to established and trusted security standards, such as SOC 2. SOC 2 is a great auditing procedure system that helps manage data and make sure vendors have the internal controls to secure their customers’ data. 

What is SOC 2?

SOC 2 was developed by the American Institute of Certified Public Accountants (AICPA) as an auditing procedure to help ensure that service providers manage your data securely. It sets up criteria for being able to manage data in a customer-related system. SOC 2 uses five areas of focus, or trust service principles, during an audit of an organization’s internal controls: security, availability, processing integrity, confidentiality, and privacy. 

The reports that it can produce are unique to each organization. These internal reports give insight into important information about how service providers are managing data. These reports also include regulators, suppliers, business partners, etc. 

There are two types of reports that SOC 2 can spin up: 

  1. Type 1 describes a vendor’s system and how its design is suitable to meet trust service principles as of a specified date
  2. Type 2 details the operational effectiveness of each system throughout a disclosed period of time

It is easier for companies to obtain a Type 1 report, which is why a majority of relocation companies forgo the specialized Type 2 report.

How to Get a SOC 2 Report

Many companies have complex IT systems, so it would be extremely time-consuming to provide each vendor or client with a specific answer as to how their data is safeguarded. In fact, some organizations may not have airtight systems and processes in place that are capable of protecting their data. That’s why selecting a trusted CPA firm as an objective third-party auditor to perform a SOC 2 report can help. This CPA firm should be able to put together a thorough report to provide answers to common questions asked by organizations related to availability, processing, confidentiality, security, and privacy. 

When selecting a firm to help with your SOC 2 report, be sure to inquire about the firms’ CPAs’ experience with IT. You’ll want to verify that they have IT auditors, not just financial audit CPAs. It is also a good idea to ask about certifications, CISA and CISSP are two that should stand out right away.

Why Does SOC 2 Matter for Relocation Management Companies?

When working with a Relocation Management Company (RMC), personal information needs to be exchanged to ensure the timely and accurate delivery of services and household goods. 

Because RMCs work with so many third-party vendors, it’s important to be transparent about data and security measures. Countless suppliers have potential access to your employees’ personal data, including real estate agents, loan officers, moving companies, trucking companies, storage facilities, destination service providers, and more. A SOC 2 report is a powerful tool that RMCs can utilize to verify their compliance with internal controls standards, as well as assuring clients and employees that their personal data is being managed safely. 

Every RMC has an obligation to make every effort to limit the collection of and access to the personal information of transferees during the relocation process. However, this offers minimal assurance that your relocation program and your network of providers are truly compliant with SOC standards.

SOC and Relocation Programs: 3 Key Areas of Concern

The truth is that many RMCs have struggled, or are still struggling, to pivot to suitable security solutions to manage vital operations and protocols. Three (3) key areas of concern include:

Third-Party Involvement

Whether your relocation program is managed by an RMC or in-house teams, a network of partners is needed to support the delivery of select services. This comes with a responsibility to protect the information of clients, their transferees, and the employees’ families across the network of partners utilized in the relocation process.

For example: When scheduling the pack and load of an employee’s property for a household goods shipment, the relocating employee’s name, address, and contact information are critical pieces of information needed by both the relocation management company and the supplier. This data is used for timely and accurate service delivery.

The need for downstream compliance and risk mitigation will continue to be an area of focus for several years. Each cog in the relocation wheel must be held to the highest compliance standards. You should expect and require nothing less.

Increased Risk of Cyber Attacks Requires System and Organization Controls

In today’s work from anywhere environment, the number of remote employees and external devices accessing company networks has increased dramatically, leading to larger threats in the cybersecurity arena. Remote staff often rely heavily on Virtual Private Network (VPN) gateways to provide encrypted network access. Despite these types of preventative measures, cyber attackers continue to seek opportunities and methods to breach security defenses. 

Few Relocation Management Companies Undergo SOC Audits

In the relocation industry, this is a serious issue; an estimated 75% of RMCs do not have vetted or verified SOC credentials. With the amount of sensitive information these organizations may collect, each relocation management company has a responsibility to demonstrate that they have the systems, controls, and processes in place to protect their clients and their transferees from unnecessary risks. In an increasingly connected world, the mobility industry must adapt to manage these risks and the threats they introduce.

Conclusion

Whether you are working with a relocation management company today or managing your mobility program in-house, you should ask these two fundamental questions:

  1. Has there been a demonstrated investment in data privacy and protection for your mobility program in the last 6 months?
  2. Is your organization or your relocation provider currently compliant with the trust services principles set forth within a SOC 2 certification?

If you answered “No” to either question, it is time to reconsider your existing data security and compliance standards. Global Mobility Solutions (GMS) is one of the few relocation companies that is SOC 2 certified. Contact GMS now to learn more about how we protect your information and data in your relocation management program, or give us a call at 800.617.1904 or 480.922.0700 today.

We're Here to Help! Request a Courtesy Consultation

Are you ready to talk to a Mobility Pro? Learn how GMS can optimize your mobility program, enhance your policies to meet today’s unique challenges, receive an in-depth industry benchmark, or simply ask us a question. Your Mobility Pro will be in touch within 1 business day for a no-pressure, courtesy consultation.

Accessibility by WAH

Looking for something?