Jackie Ford, with Vorys, Sater, Seymour and Pease.

Working from home is not a new thing, but it has been, in many quarters, a reluctant thing. Businesses often viewed such arrangements as involving more "home" than "working," and worried that camaraderie, teamwork and productivity all suffered when workers phoned it in. But the recent spike in work-from-home arrangements has changed that. It has also created new legal and logistical challenges for employers.

For many workers, what began as "temporary" work-from-home arrangements in March 2020 are still in place and may even become permanent. Governments at every level have sent inconsistent and contradictory messages regarding whether companies should default to at-home work when possible. All of this leaves private employers on their own to navigate complex, and in many respects uncharted, public-health considerations for their workers. As working from home is now a major and irreversible component of that navigation process, here are three key considerations for employers.

1. Prioritize data security. Cybercriminals increasingly exploit vulnerabilities created by telecommuting arrangements cobbled together in the initial rush of COVID lockdowns. As just one example, "Zoom bombing" (intruding into Zoom-hosted online meetings, sometimes accompanied by extremely offensive content) has become so common during the recent surge in online meetings that the term already has its own Wikipedia entry. To prevent Zoom bombs and other cyberthreats, employers should consider the following steps:

• Secure Zoom calls and other videoconferencing meetings. Mandate use of security features offered by videoconferencing platforms—restrict access to invitation-only, lock meetings once initiated, disable screen sharing if possible, and use a virtual waiting room to admit attendees.

• Review and communicate data security policies and practices. Tell your employees what your data security policies are, why they're important to follow at home, and why they're mandatory. Then, tell them again. And hold them to these rules; be committed in policy and practice to accountability. Your elaborate data security software may be worthless if even one employee decides to share a password or click on a malware-infected email attachment.

• Warn employees to keep their quarantine-mates away from your data. Employees' new workplaces may include family members, roommates and others not employed by your business. Remind employees that basic data hygiene practices—no sharing of passwords, no leaving your company computer opened and accessible to others in your house, no allowing family members to use the company computer for any purpose, and the like—are more important now than ever.

• Limit access to protected and confidential information: Where possible, restrict employee access to confidential and protected information on a role-specific basis, and ensure employees have access to only the information actually needed to complete their specific duties. The accountant doesn't need access to employee health files, and HR doesn't need access to company tax records.

• Alert employees to the uptick in online scams and phishing emails. Remind employees—frequently—to be wary of opening links or attachments in any unexpected emails, and to report phishing attempts as soon as possible. Your daily message could be as simple as: "When in doubt, don't open it."

2. Carefully evaluate "reluctant employees" who don't want to come back to the office. When the time does come for bringing remote workers back into the office, beware of potential issues with those who don't want to leave home. "Reluctant employee" has emerged as a COVID-specific term for workers who are not infected by the virus but cite health-related reasons for refusing to come back to the workplace. Employers should tread carefully with any such employees whose medical conditions put them at greater risk of coronavirus infection, or whose doctors have advised them to remain at home. The Americans With Disabilities Act (ADA), and similar state laws, may require an individualized "interactive process" to determine whether the employee's job duties can be performed either with or without a "reasonable accommodation," and whether either worksite modifications or a continued at-home work arrangement may be required.

3. Play the long game. The Occupational Health and Safety Administration (OSHA) has been reluctant to enact any COVID-specific requirements, but last month OSHA advised employers to "limit worksite access to only essential workers if possible" and "establish flexible worksites (e.g. telecommuting) … if feasible." It is worth noting, however, that OSHA's longstanding "general duty clause," which requires each employer to provide "a place of employment … free from recognized hazards that [cause] or are likely to cause death or serious physical harm to its employees," remains in effect. While Gov. Greg Abbott's various "reopening the economy" orders encourage a return to many physical workplaces, they also contain an instruction to "minimize social gatherings and minimize in-person contact with people who are not in the same household." In the end, because neither these nor any other state or federal standards provide much specific guidance on the subject, employers are left to figure out for themselves whether at-home work makes ongoing sense for their business.

Many at-home working arrangements were an improvisation during a sudden and dramatic realignment of the nation's workforce. Now that the experimental structure has continued for a couple of months, employers must decide whether it makes sense to allow it to continue, perhaps even indefinitely. Given the likelihood that some of the shift to at-home work may now be irreversible, employers will need to continue to monitor and manage fluctuating public health messages, a changing business climate, and their newly remote workforce.

Jackie Ford is a partner in the employment law and eControl groups at Vorys, Sater, Seymour and Pease.