Task Force Tip:  Cybersecurity and Data Privacy

03.24.2020

In this challenging environment, businesses with remote employees need to increase vigilance with respect to cybersecurity threats.  Employees working from home present unique security risks that fraudsters, hackers and other bad digital actors are trying to exploit.  Because remote employees often work outside of the trusted and secure IT environment of office networks and equipment, they may be more susceptible to phishing attacks (i.e., deceptive collection of personal or financial information), inadvertent disclosure of confidential business information or sharing of passwords with unauthorized persons.  Businesses should therefore work with their at-home workforces to mitigate such risks where possible. 

Businesses should communicate with their employees regarding such risks and should consider bolstering their cybersecurity protections by taking actions such as the following:

• Prohibit employees from sharing passwords or other access tools with any unauthorized third parties, including friends and family members, with respect to any work-related and/or employer-provided equipment or software, such as computers, portable devices, smartphones, tablets, networks (including virtual private networks, or “VPN”s), email, intranets, secure websites or mobile apps. 
• Remind employees that fraudsters and hackers are always seeking to collect sensitive personal and financial information through phishing and other efforts, such fraudulent emails, websites and other scams.  Employees should maintain, if not increase, their vigilance with respect to any suspicious emails, correspondence, web offers or promotions seeking personal information and should contact their employers if they have any concerns or questions.
• Discourage employees from using unsecured public WIFI networks for work related projects (such as in coffee shops or other public areas), which are less secure and may expose confidential company or work-related information to unauthorized access.
• Consider adopting dual authentication or multi-factor authentication for remote access to business servers and networks, if not already in use.
• Remind employees to never leave personal or work-provided laptops computers unattended, and that all such equipment should be password protected or otherwise secured.
• Require employees using personal devices or home computers to:

(1) update or adopt standard security software for such devices and home networks (including routers) and consider adopting new, unique and strong passwords; and

(2) maintain security of, and limit access to, work-related materials, email and correspondence on such devices and computers, such as by storing all such materials in password-protected and encrypted files.

• Direct employees to shred all work-related materials disposed of at home rather than throwing such materials out with the trash.
• Remind employees of any cybersecurity training and best practices that it may have adopted.
• IT departments should also be sure to increase vigilance with respect to their secure networks and consult with officers responsible for data protection or outside counsel regarding any suspicious or suspected data incidents or breaches.

For more information or to discuss cybersecurity or privacy matters, please contact Rob Henley at 804.771.9550 or rhenley@hirschlerlaw.com.