Mitigating Cybersecurity Risks In Remote Work Environments
Monday, May 18, 2020
Mitigating Cybersecurity Risks during Remote Working
Print Mail Download i

Due to the coronavirus pandemic, more employees are working from home than ever before. Companies have been forced to react to maintain productivity, often on reduced timelines and without the careful consideration, rigorous testing and advance training that might otherwise occur.

This move to remote work comes with cybersecurity risks. A few of these – with suggested solutions – are outlined below.

1. REDUCED SECURITY OF NETWORK CONNECTIONS

Many companies have spent many man-hours and significant sums to ensure the security of their company data and systems. Most remote systems and home networks lack these protections. Confidential communications and data may be lost.

  • Strategy: Ensure that all of your employees access data through your company’s Virtual Private Network (VPN). Use multi-factor authentication and frequently updated passwords. Employees should also be reminded that they should not use public WiFi networks or printers, which could result in data loss, nor should they permanently store documents on their home computers.

2. UPDATE RESPONSE PLAN FOR CYBERSECURITY INCIDENTS

Does your company’s cybersecurity response plan require physical collaboration? Does your plan work if teams are not co-located?

  • Strategy: Companies should review their plans for cybersecurity incident response and revise them to reflect new operational realities and best practices. If the company does not have sufficient infrastructure to manage cybersecurity remotely, it should acquire necessary resources. A cyber insurance policy should also be considered if not already in place. Allen Matkins can help in the planning, design, and preparation of a robust cybersecurity response plan.

3. PROTECT EMPLOYEES FROM TARGETED ATTACKS

The “bad guys” also know that people are working from home, in stressful times, and in an uncertain environment. Phishing, ransomware, and malware attacks on employees prey on the fear and confusion inherent in a diffuse network of remote workers. Some bad actors pretend to be health officials or government officials. Absent from the office, employees lack the easy access to colleagues to assess any threats or the legitimacy of requests. Employees are also more vulnerable to people posing as colleagues or others through email.

  • Strategy: Businesses should vigilantly remind their employees of risks and conduct renewed training covering phishing, ransomware, and malware attacks and company policies to prevent them. This training should address strategies to determine the validity of emails that may seem suspect or unusual. Any necessary training materials for remote work should be updated. Employees should also be made aware of the appropriate contacts to inquire about threats or uncertain communications. Numerous legal requirements apply once a breach occurs and Allen Matkins can help to evaluate next steps in the event of such a breach.

4. DIMINISHED MANAGEMENT FOCUS ON CYBERSECURITY

The ongoing pandemic has thrown many companies into financial crises. In those circumstances, business leaders’ focus is on immediate needs and financial performances. Attention to cybersecurity is low, notwithstanding the potential risks.

  • Mitigation Strategy: Attorneys and data managers must ensure that remote working issues have a place in regular company assessments. Given the heightened cybersecurity risks and the potential losses from a breach, liability and harm to customer goodwill is equally a part of the financial picture for executives and business leaders.

5. USE OF EMPLOYEE DEVICES

Many companies permit employee-owned and maintained devices to access the company network, either for efficiency or cost reasons. Now, this has become a mandatory way of life in order to maintain productivity. Such regular use of employee-owned devices increase risk, as these devices are not under company control. Employees may have dangerous software on devices not regularly checked.

  • Mitigation Strategy: Businesses should consider, whenever possible, using company devices for remote work. If this is not possible, employees should be trained on the proper use of their home devices.

© 2010-2024 Allen Matkins Leck Gamble Mallory & Natsis LLP

Current Legal Analysis

More from Allen Matkins Leck Gamble Mallory & Natsis LLP

Department of Financial Protection & Innovation Warns Investors About Nonexistent Class Action Settlement
by: Keith Paul Bishop
Do E-mail Exchanges Constitute a Meeting of the Board?
by: Keith Paul Bishop
Supreme Court Narrows Local Governments’ Ability to Impose Impact Fees – A Potential Sea Change for California
by: Jennifer Jeffers
Judge Rules that a Front for Mexican Cartel had the Capacity to Protect its Own Interests
by: Keith Paul Bishop
Is There Any Repose For A Dissolved Nevada Corporation?
by: Keith Paul Bishop
Do Corporate Minutes Include Chat Messages?
by: Keith Paul Bishop
California's LLC Certificate of Cancellation - One Form That May Not Fit All
by: Keith Paul Bishop
Court Of Appeal Holds Stock Options are Not Wages, But Damages Need Not be Measured at the Time of Breach
by: Keith Paul Bishop
Is the SEC's Shadow Trading Win Proof That There is a Federal Common Law of Crime After All?
by: Keith Paul Bishop
Strangers in a Strange Land - In California, Bumblebees, Crabs and Snails are Fishes and a General Partnership May Soon be a Corporation
by: Keith Paul Bishop

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins