Covid-19: Cybersecurity five top tips


COVID-19 Business, but not as we knew it

Cybersecurity

Five tips for secure remote working


Our Sectors

• Technology, Communications & Digital Media
• Construction, Land & Planning
• Personal Affairs, Private Wealth & Philanthropy
• Retail & Hospitality

Our Expertise

• Arbitration
• Banking & Finance
• Charities
• Commercial & Corporate
• Data Protection & Information
• Disputes
• Employment
• Family & Matrimonial
• Insolvency & Restructuring
• IP & Technology
• Real Estate
• Tax
• Trusts, Estates & Private Client

This information is offered on the basis that it is a general guide only and not a substitute for legal advice. We cannot accept any responsibility for any liabilities of any kind incurred in reliance on this information.


Businesses large and small are struggling to cope with the ongoing impact of the COVID-19 pandemic, as many regular officegoers adapt to remote working for the foreseeable future. This rapid, unprecedented shift has highlighted multiple ways companies are struggling to maintain not just business continuity, but also their data security and privacy obligations. While regulators will perhaps be sympathetic to enterprises grappling with these challenges, now is an excellent time for organisations to evaluate their technical and organisational measures, and address gaps in their cyber security approach. We walk you through our five top tips for maintaining safe and secure remote working.

Johnathan Rees, Partner, johnathan.rees@laytons.com, +44 (0)20 7842 8009

Marguerite Kenner, Solicitor, marguerite.kenner@laytons.com, +44 (0)20 7842 8000


1. A Robust Password Policy

Like toothbrushes, passwords work best when you choose a good one, it’s not shared with anyone else, and it’s regularly changed. Automation tools that impose forced expiry dates provide additional security, such as with furloughed employees. For a more robust system, enable two factor authentication – that is, requiring an SMS message or email with an additional password when a user wants to access a system.

2. Maintaining Good Data Hygiene

Good password practice applies to home systems as well as office hardware. Default router passwords for home networks are easy for hackers to discover and should be changed. While ideally most employees will have laptops or other devices configured by their IT staff which can be physically secured when not in use, Bring Your Own Device schemes are more common and present their own challenges. Use of VPNs, security tokens, and two-factor authentication can help maintain good data hygiene by keeping confidential information within secure environments. Personal accounts, especially those on social media networks, should be accessed from outside these environments and ideally, only from personal devices.

3. Video Conference Procedures

Videoconferences may help alleviate the stress of employees missing kitchen conversation, but they may also lead to risk. Assembling a short checklist in preparation for a call can help, and might include tips such as making sure no confidential material is visible on work surfaces or backgrounds.

Moderators of such calls should encourage everyone to identify themselves, whether by voice or video, to ensure all participants are genuine. Meeting rooms should be locked once the call starts to prevent disruption. Web cams should be disabled, disconnected or covered when not in use.

4. Cybercrime Vigilance

Cyber criminals of all stripes are utilising old practices with new framing narratives to take advantage of a home workforce. Phishing and malware campaigns with COVID-19 themes or impersonating health authorities have led to a rise in ransomware attacks. To support employees who may be under increased pressure and suffering from lack of focus, send short and regular reminders of a company’s IT support resources when they receive suspicious links or attachments, and how to seek more help quickly if needed.

Likewise, IT professionals should remain vigilant for established exploits such as ‘Patch Tuesday’ attacks or physical interception of IT equipment en route to an employee. Crisis response playbooks and critical security checklists need to be updated – even minimally – to adjust for remote working of IT staff and any inability to physically access vital systems such as on premises server logs in older, more vulnerable environments.



5. Communication and Documentation

Ensure all members of your team know how and when to report a potential data breach. This can be anything from a contemporaneous and informal call to internal ticketing systems. If investigating staff require documentation, make that clear at the intake stage to save time. Use concise, informative communications and direct them to the appropriate teams. For example, volume contract processing staff may need added reminders to verify the source of unsolicited email attachments with a telephone call before opening. Lengthy emails about cybersecurity are likely to go unread by many. Aim for impactful communication of key points, with plenty of signposting where more information can be readily located, such as existing policies and any COVID-19 related changes and updates.

“Remember that devices have eyes and ears.”

Review crisis response plans or business disruption reporting lines to make sure they are current and contain all necessary contact information. Check whether critical response windows – internally or with third party vendors – need to be adjusted to avoid delay or confusion in the event of a breach. Finally, make sure there’s a plan in place for how a breach could be securely investigated without compromising confidentiality or legal privilege. Remember that regulators will focus on what procedures and policies are in place, and how well they were adhered to, should an investigation arise.


Expertise

Corporate & Commercial

We provide a complete range of corporate and commercial advice and support for clients who extend from start-ups, individual entrepreneurs and family offices to multinational corporations. We advise on every facet of our clients’ corporate legal needs through the complete life-cycle of an enterprise, from its inception, through its growth and expansion to, perhaps, its sale or flotation on a public market. Our teams focus on acquiring a deep understanding of the particular needs and objectives of our clients to deliver advice and outcomes that are tailored to those needs and objectives and which meet them swiftly and cost-effectively. The approach to technical problems is informed, insightful and proportionate, and we take pride in viewing problems from a fresh perspective to provide innovative solutions.


John Gavan, Partner, john.gavan@laytons.com, +44 (0)20 7842 8000

Esther Gunaratnam, Partner, esther.gunaratnam@laytons.com, +44 (0)20 7842 8000

Dimitri Iesini, Partner, dimitri.iesini@laytons.com, +44 (0)20 7842 8081

Robert MacGinn, Partner, robert.macginn@laytons.com, +44 (0)20 7842 8000

Brian Miller, Partner, brian.miller@laytons.com, +44 (0)20 7842 8000

Daniel Oldfield, Partner, daniel.oldfield@laytons.com, +44 (0)20 7842 8037

Daniele Penna, Partner, daniele.penna@laytons.com, +44 (0)20 7842 8053

Johnathan Rees, Partner, johnathan.rees@laytons.com, +44 (0)20 7842 8009

Christopher Sherliker, Partner, christopher.sherliker@laytons.com, +44 (0)20 7842 8015

Cameron Sunter, Partner, cameron.sunter@laytons.com, +44 (0)20 7842 8036

Liza Zucconi, Partner, liza.zucconi@laytons.com, +44 (0)20 7842 8092


2 More London Riverside, London SE1 2AP +44 (0)20 7842 8000 | london@laytons.com laytons.com

© Laytons LLP which is authorised and regulated by the Solicitors Regulation Authority (SRA Nº 566807). A list of members is available for inspection at the above offices.

