5 minute read
Working Remotely and Cyber Security During the COVID-19 Outbreak
By Angela P. Doughty & Erica B. E. Rogers
The number of positive cases of COVID-19 is rapidly increasing throughout the United States, requiring more and more employers to rely on employees working from home.
Advertisement
While this is a necessity under current conditions, especially as state and local government agencies require that we “shelter-in-place,” it is not without creating other business risks such as cyber security breaches.
The work from home dynamic creates a very opportunistic situation for hackers and phishers. Every home device or wireless connection is a potential entry point. Moreover, with employees justifiably focusing on other things – their children, pets, health concerns, finances, etc. – data security is understandably not top of mind and employees’ typical safeguards against cyberattacks are down. We have seen a significant rise in COVID-19-related phishing attacks, where hackers are taking advantage of individuals’ fear and need for health, safety, and financial aid information. Unfortunately for businesses, a company can lose control over its data and be subject to significant legal liability due to a single email click or transmission of its data over an unsecured network. However, with appropriate planning, policies, and employee education and communication, companies can minimize risk and support their employees.
While all businesses have different cyber security risks, there are some basic precautionary steps all businesses can take:
First, companies can take advantage of employee free time by offering updated training materials. From the hacker’s perspective, distracted employees using personal devices and Wi-Fi connections without encryption are the ideal targets. There are more opportunities to compromise a network and obtain access to personal data, financial data, and other sensitive data.
From the employer’s perspective, though, employees at home have the extra time to educate themselves on this important subject. For example, every individual should be aware of phishing attacks, where fraudulent links about COVID-19 or federal relief packages (e.g., “Click here to claim your $1,200 check”) are especially appealing. Deceptive emails can be avoided if employees are educated about them.
Second, companies can update their employment information security policies, including “bring your own device” (BYOB) policies, to contractually protect against employee wrongdoings, including, but not limited to:
• misuse of personal emails to send or receive company emails;
• synching and storing business information on personal cloud accounts;
• misuse of social media to discuss company matters;
• misuse of personal, unsecured connections to employer systems;
• misuse of unsecure conference lines;
• misuse of public, unsecure wireless connections;
• careless safekeeping of company devices in public areas, which increase the likelihood of theft;
• misuse of easily identifiable passwords*;
• improper disposal of paper materials containing sensitive information (e., not shredded); or
• misuse of screen-sharing on video conferences.
*Weak passwords are vulnerable to password cracking attacks. The best passwords contain many characters (fifteen) and are routinely updated. Better are multi-factor authentication passwords, for example, a password followed by an SMS message to authenticate that password with a second device.
Third, companies can adopt security measures for employees’ personal devices.
Employers can offer up-to-date anti-virus software for employee personal devices.
Employers can ensure personal Wi-Fi wireless networks include network security technology (e.g., Wireless Protected Access or “WPA2”). WPA2 is a type of encryption used to secure networks by, basically, scrambling the data to make it harder for hackers to perceive the data.
Certain software allows companies to remotely access personal devices to make updates or patches to cover vulnerabilities or to delete information should that device be lost or stolen. Finally, companies can add banners to internal versus external emails so that employees can identify whether an email is coming from a safe source.
Fourth, companies can update or adopt a data security breach response plan.
Companies should review their data security breach response plan considering remote working.
State data breach notification laws sometimes require immediate action, so ensuring a plan to comply ahead of time is paramount. If any employee believes he or she is responsible for a data breach or successful phishing scheme, the correct contact person for immediate notice should be obvious.
© 2020 Ward and Smith, P.A.. All Rights Reserved.
Both authors are employed at Ward and Smith, PA (wardandsmith.com)
Angela P. Doughty, CIPP-US is a North Carolina State Bar Board Specialist in Trademark Law and a Certified Information Privacy Professional- United States (CIPP/US) that serves as the firm’s Director of Legal Process Management. She can be reached at apd@ wardandsmith.com.
Erica B.E. Rogers is an Intellectual Property Attorney, and assists individuals, small businesses, and large corporations with a wide array of intellectual property matters. She can be reached at ebrogers@wardandsmith. com
Can be here [YOU]
[EXPERIENCE.] The Summit Advantage. ®
Reaching a summit takes years of training and experience. We’re here to educate our businesses, and help them achieve their safety goals. A safe workplace with healthy employees makes for the best view at the top.
summitholdings.com
Social Media
Are we friends? Follow us on your favorite social media sites.
Facebook facebook.com/bigiky facebook.com/ELofIIAK
Instagram instagram.com/bigiky
LinkedIn linkedin.com/in/bigiky
Twitter twitter.com/bigikentucky
Classifieds
Acquisitions
Established Louisville agency interested in acquiring insurance agencies in Jefferson and surrounding counties. If you are interested in selling, merging, or need assistance with perpetuation, we would like to talk with you in confidence.
Call R. Alex Rankin, CPCU or Philip Anderton, CIC, at Sterling G. Thompson, Co. at 502-585-3277
Looking for Producers
Independent with top best markets looking to expand presence in Jefferson, Oldham or Shelby counties. Wanting Personal lines Producer or book of business to move or purchase. All arrangements possible, in strict confidence.
Please send inquiries to Turner Insurance Agency, 2460 Shelbyville Road, Shelbyville, KY 40065 or call Kurt Turner, CPCU at 502-633-6060.
Advertisers We would like to thank our advertisers for their support.
This publication would not be possible without you!
Acuity Arlington/Roe Bolton & Company Big “I” Professional Liability Big “I” Markets ClearPath Mutual EMC Guard J.M. Wilson RLI Personal Umbrella Secura Summit West Bend 6 23 OBC 7 12 IFC 8 For classified ads or to advertise in the Kentucky IA visit bigiky.org/magazine or call 502-245-5432.
19 25 20 29 28 IBC
Pamper your customer’s business with a policy from West Bend.
Your customers raised their business with hard work, from nothing but a dream. Now help them nurture it. An insurance policy from West Bend is the best way to keep it happy, healthy, and profitable.
