Inoculating your organisation against the consequences of COVID-19

In these strange and uncertain times, organisations need to be vigilant to guard against the challenges raised by the COVID-19 pandemic. This article will analyse some of the key considerations for organisations to keep in mind to minimise both their risk and any consequent liability.

Governance

In these stressful times and while employees are working other than in their usual work environments, there may be a tendency towards poor or looser corporate governance. Care should be taken to tackle complacency and ensure continued compliance with reporting requirements, regulations and industry guidelines. 

In a similar vein, Directors must not forget their duty of care and diligence under section 180 of the Corporations Act 2001 (Cth) (the Act) in exercising their powers and discharging their duties. When making a business judgment, directors must rationally believe that the judgment is in the best interests of the Corporation, and make the decision in good faith for a proper purpose. COVID-19 complications in their organisation, their suppliers, partners or subsidiaries pose unchartered territory for such decision making and require careful assessment. 

The limits of temporary ‘Safe Harbour’ Provisions

As part of the National response to the pandemic, the Federal Government temporarily relieved directors of their duty to prevent insolvent trading and personal liability for trading whilst insolvent. These changes, which will last for 6 months, were intended to provide Boards of directors with the confidence to continue to trade throughout the pandemic and prevent a wave of voluntary administrations. 

However, the temporary safe harbour provisions apply with respect to any debts incurred in the ordinary course of the company’s business. If action should be taken against a Director for breach of the duty, the director will bear the evidential burden of establishing the safe harbour defence and proving that the debt was incurred in the ordinary course of business. These changes do not allow for abuses and egregious breaches of the obligations. Fraud and dishonesty will still be subject to penalties under the Act.  

Cyber security

Employees working from home are not only operating outside their organisation’s physical infrastructure – they are also operating outside of the usual technology and security infrastructures in place by using their home networks and own equipment to connect. The risks created by this development are multi-faceted. From a systems point of view, many organisations had to quickly create or implement additional programs and systems to enable their staff to have remote access. It is still important that these systems have been properly tested for vulnerabilities. 

However, one cannot forget the human aspect – it only takes one employee clicking on a malicious link for your organisation’s security to be compromised. Scammers have responded opportunistically to the uncertainty and fear of the crisis by constructing targeted COVID-19 ‘phishing’ scams. For example, some of these scams have seen scammers posing as Australian government agencies offering assistance with applications for financial assistance and staying home. Indeed, Scamwatch has received over 1000 COVID-19 related scam reports since the outbreak began.
Likewise, employees need to be alert that working at home does not mean working to a lesser standard of security. 

The following tips can help your organisation stay safe: 

  • Re-training or reminding employees of the organisation’s cyber security policies and procedures; 
  • If necessary, testing an employee’s compliance;  
  • Ensuring your organisation’s cyber policies and guidelines are up to date and are being reviewed against changing COVID-19 circumstances and industry guidance; 
  • Ensuring employees can work in an area where they can’t be overheard or overseen so they do not inadvertently pass on confidential or sensitive information;
  • Ensuring employees confine their work communications to secure channels;
  • Requiring employees working on personal devices to utilize multi-factor identification to access the organisation’s database. 

Lavan comment

If you have any queries in relation to the above, or would like more information on how Lavan can assist your and organisation in navigating the many challenges that COVID-19 has brought, please do not hesitate to contact Iain Freeman.