COVID-19 and Risks from Working Remotely
Privacy and Cybersecurity Risk
With the spread of COVID-19, many employers are taking proactive steps to mitigate the spread of the virus by implementing work-from-home for nonessential personnel. While these measures may aid in mitigating the spread of the virus by limiting
contact with large groups of people, it may also expose employers to increased risk of liability. For businesses that don’t typically have such widespread use of remote access for work, there could be significant business interruption
issues by disrupting the norm, i.e. working at the office; increased strain on the employer’s network; and risk of privacy and cybersecurity issues from employees working remotely using their personal device to access an employer’s secured
network via their less-secure or unsecured personal network.
Scammers, while usually employing the same techniques, i.e. phishing, ransomware, and malware more broadly, often “follow the headlines” for the content of their cyberattacks. Now, scammers are employing cyberattacks taking advantage
of fears surrounding the Coronavirus and COVID-19. Recently, the Federal Trade Commission published an article regarding the
spread of Coronavirus cyberattacks, with tips to follow, including:
- Ensuring that anti-malware and anti-virus software is up to date;
- Don’t click on links from sources you don’t know;
- Be wary of e-mails claiming to be from public health bodies, like the CDC or WHO, instead, visit the CDC and WHO websites for up to date guidance; and
- Be cautious of the Coronavirus-related sales pitches, “investment opportunities,” and solicitations.
In addition to reminding that your employees to follow the tips from the FTC, in order to mitigate the inherent privacy and cybersecurity risk exposure related to a large number of employees working remotely, we suggest that an employer take the following
- Increase security measures for remote access to your network, such as by implementing multi-factor authentication;
- Consider increasing security for remote access to personal health information or other regulated and protected information;
- Train employees on how to access your network remotely as well as common methods of cyberattacks and social engineering;
- Create a hotline or e-mail for employees to contact with technical questions related to working from home and remote access;
- Consider purchasing a cyber insurance policy or increasing coverage of a current policy;
- Test the capacity of your network to handle the likely volume of remote work;
- Train employees on cybersecurity and privacy issues;
- Consider loaning devices to employees working remotely to avoid risk associated with shared use of personal devices;
- Strategize your response in the event of a cyberattack or disclosure of private information;
- Implement a Work-From-Home Policy governing remote access by employees, delineating best practices for employees working remotely, setting forth minimum security requirements for an employee’s personal device and network when working from home, reinforcing company confidentiality policies, and addressing other related issues; and
- Update or implement a Business Continuity Plan and Disaster Recovery Plan.
If we can help your company prepare for or respond to a cybersecurity issue, please contact a MacDonald Illig attorney.