July 8, 2020

Volume X, Number 190

July 07, 2020

Subscribe to Latest Legal News and Analysis

July 06, 2020

Subscribe to Latest Legal News and Analysis

Mitigating Cybersecurity Risks In Remote Work Environments

Due to the coronavirus pandemic, more employees are working from home than ever before. Companies have been forced to react to maintain productivity, often on reduced timelines and without the careful consideration, rigorous testing and advance training that might otherwise occur.

This move to remote work comes with cybersecurity risks. A few of these – with suggested solutions – are outlined below.

1. REDUCED SECURITY OF NETWORK CONNECTIONS

Many companies have spent many man-hours and significant sums to ensure the security of their company data and systems. Most remote systems and home networks lack these protections. Confidential communications and data may be lost.

  • Strategy: Ensure that all of your employees access data through your company’s Virtual Private Network (VPN). Use multi-factor authentication and frequently updated passwords. Employees should also be reminded that they should not use public WiFi networks or printers, which could result in data loss, nor should they permanently store documents on their home computers.

2. UPDATE RESPONSE PLAN FOR CYBERSECURITY INCIDENTS

Does your company’s cybersecurity response plan require physical collaboration? Does your plan work if teams are not co-located?

  • Strategy: Companies should review their plans for cybersecurity incident response and revise them to reflect new operational realities and best practices. If the company does not have sufficient infrastructure to manage cybersecurity remotely, it should acquire necessary resources. A cyber insurance policy should also be considered if not already in place. Allen Matkins can help in the planning, design, and preparation of a robust cybersecurity response plan.

3. PROTECT EMPLOYEES FROM TARGETED ATTACKS

The “bad guys” also know that people are working from home, in stressful times, and in an uncertain environment. Phishing, ransomware, and malware attacks on employees prey on the fear and confusion inherent in a diffuse network of remote workers. Some bad actors pretend to be health officials or government officials. Absent from the office, employees lack the easy access to colleagues to assess any threats or the legitimacy of requests. Employees are also more vulnerable to people posing as colleagues or others through email.

  • Strategy: Businesses should vigilantly remind their employees of risks and conduct renewed training covering phishing, ransomware, and malware attacks and company policies to prevent them. This training should address strategies to determine the validity of emails that may seem suspect or unusual. Any necessary training materials for remote work should be updated. Employees should also be made aware of the appropriate contacts to inquire about threats or uncertain communications. Numerous legal requirements apply once a breach occurs and Allen Matkins can help to evaluate next steps in the event of such a breach.

4. DIMINISHED MANAGEMENT FOCUS ON CYBERSECURITY

The ongoing pandemic has thrown many companies into financial crises. In those circumstances, business leaders’ focus is on immediate needs and financial performances. Attention to cybersecurity is low, notwithstanding the potential risks.

  • Mitigation Strategy: Attorneys and data managers must ensure that remote working issues have a place in regular company assessments. Given the heightened cybersecurity risks and the potential losses from a breach, liability and harm to customer goodwill is equally a part of the financial picture for executives and business leaders.

5. USE OF EMPLOYEE DEVICES

Many companies permit employee-owned and maintained devices to access the company network, either for efficiency or cost reasons. Now, this has become a mandatory way of life in order to maintain productivity. Such regular use of employee-owned devices increase risk, as these devices are not under company control. Employees may have dangerous software on devices not regularly checked.

  • Mitigation Strategy: Businesses should consider, whenever possible, using company devices for remote work. If this is not possible, employees should be trained on the proper use of their home devices.

© 2010-2020 Allen Matkins Leck Gamble Mallory & Natsis LLP National Law Review, Volume X, Number 139

TRENDING LEGAL ANALYSIS


About this Author

Matthew J. Marino, Allen Matkins, real estate dispute lawyer
Partner

For nearly two decades, Matthew Marino has helped large developers, commercial landlords, property and asset managers, and his other clients plan and act on strategic solutions to complicated lawsuits, as well as address everyday operational issues, such as landlord-tenant conflicts, insurance coverage and recovery, ADA accessibility, and more. Matt also serves as the firm's Associate General Counsel, providing critical risk management functions for the firm.

A pragmatic, business-forward litigator, Matt is a quick-study, able to isolate—and resolve—the critical issues that create...

619-235-1558
Max Brunner  San Francisco Corporate Finance  Corporate Governance & Compliance
Senior Counsel

Max Brunner is a senior counsel in the Corporate & Finance department in our San Francisco office. His practice is focused on mergers and acquisitions, public and private securities offerings, corporate governance, and advising both private and public companies on other complex corporate matters and transactions.

415-273-7470
Kathryn Garcin Associate intellectual property and technology transactions
Associate

San Diego-based corporate attorney Kathryn (Kit) Garcin specializes in data privacy, information security, intellectual property and technology transactions, and other commercial contracts.

In her privacy practice, Kit regularly works with clients to design and implement data privacy, information security, and risk management programs. Kit provides clients with creative and practical advice on meeting the requirements of state and federal privacy laws, including the California Consumer Privacy Act (CCPA), Children’s Online Privacy Protection Act (COPPA), and the Fair Credit...

619-235-1518