Mitigating Cybersecurity Risks In Remote Work Environments
Due to the coronavirus pandemic, more employees are working from home than ever before. Companies have been forced to react to maintain productivity, often on reduced timelines and without the careful consideration, rigorous testing and advance training that might otherwise occur.
This move to remote work comes with cybersecurity risks. A few of these – with suggested solutions – are outlined below.
1. REDUCED SECURITY OF NETWORK CONNECTIONS
Many companies have spent many man-hours and significant sums to ensure the security of their company data and systems. Most remote systems and home networks lack these protections. Confidential communications and data may be lost.
Strategy: Ensure that all of your employees access data through your company’s Virtual Private Network (VPN). Use multi-factor authentication and frequently updated passwords. Employees should also be reminded that they should not use public WiFi networks or printers, which could result in data loss, nor should they permanently store documents on their home computers.
2. UPDATE RESPONSE PLAN FOR CYBERSECURITY INCIDENTS
Does your company’s cybersecurity response plan require physical collaboration? Does your plan work if teams are not co-located?
Strategy: Companies should review their plans for cybersecurity incident response and revise them to reflect new operational realities and best practices. If the company does not have sufficient infrastructure to manage cybersecurity remotely, it should acquire necessary resources. A cyber insurance policy should also be considered if not already in place. Allen Matkins can help in the planning, design, and preparation of a robust cybersecurity response plan.
3. PROTECT EMPLOYEES FROM TARGETED ATTACKS
The “bad guys” also know that people are working from home, in stressful times, and in an uncertain environment. Phishing, ransomware, and malware attacks on employees prey on the fear and confusion inherent in a diffuse network of remote workers. Some bad actors pretend to be health officials or government officials. Absent from the office, employees lack the easy access to colleagues to assess any threats or the legitimacy of requests. Employees are also more vulnerable to people posing as colleagues or others through email.
Strategy: Businesses should vigilantly remind their employees of risks and conduct renewed training covering phishing, ransomware, and malware attacks and company policies to prevent them. This training should address strategies to determine the validity of emails that may seem suspect or unusual. Any necessary training materials for remote work should be updated. Employees should also be made aware of the appropriate contacts to inquire about threats or uncertain communications. Numerous legal requirements apply once a breach occurs and Allen Matkins can help to evaluate next steps in the event of such a breach.
4. DIMINISHED MANAGEMENT FOCUS ON CYBERSECURITY
The ongoing pandemic has thrown many companies into financial crises. In those circumstances, business leaders’ focus is on immediate needs and financial performances. Attention to cybersecurity is low, notwithstanding the potential risks.
Mitigation Strategy: Attorneys and data managers must ensure that remote working issues have a place in regular company assessments. Given the heightened cybersecurity risks and the potential losses from a breach, liability and harm to customer goodwill is equally a part of the financial picture for executives and business leaders.
5. USE OF EMPLOYEE DEVICES
Many companies permit employee-owned and maintained devices to access the company network, either for efficiency or cost reasons. Now, this has become a mandatory way of life in order to maintain productivity. Such regular use of employee-owned devices increase risk, as these devices are not under company control. Employees may have dangerous software on devices not regularly checked.
Mitigation Strategy: Businesses should consider, whenever possible, using company devices for remote work. If this is not possible, employees should be trained on the proper use of their home devices.