Looking a prior threads on this topic, it appears many institutions have in place the requirement that employees take 5 consecutive days as a fraud preventative. As access to systems has expanded over the years and employees are moving to work from home due to the pandemic, have organizations considered getting rid of this requirement? Tools to monitor network activity have improved over the years and if your organization could mitigate the fraud risk by implementing better monitoring would your organiation look to removing this requirement?
Please also consider that since an emplyoee has access to the network via their phone (email), laptop, or other remote connection, are you eliminating their access everytime they go on vacation to ensure you are even following the policy to begin with?
