Securely navigating the digital work-at-home world

Jeremy Wolk
BridgeTower Media Newswires

As employers and employees are adjusting to the new “normal” of working from home, the risk of a cyberattack has never been greater. Hackers can prey on employees and lax cybersecurity practices as an easy way to gain access to organizations. Remind your workforce to remain vigilant about cybersecurity. Employers should consider circulating company privacy or information security policies as a reminder. It’s imperative employees review and understand these policies.

Here are more reminders:

•  Working outside the office may mean others can more easily see confidential information on a computer screen.  Log off or lock your computer when stepping away from your work station, even for a short period.

•  Employees are still responsible for complying with company policies and procedures. This includes complying with any non-disclosure or other confidentiality agreements that may be in place.

• Be especially vigilant for phishing scams and avoid opening attachments from any untrusted emails. These can include purported "coronavirus" or "COVID-19" alerts; unfortunately, scammers are taking advantage of the current situation.

Employers should encourage employees to check with the company's IT department if they have any questions about the validity of a particular email before opening any attachments.

• Employers should require that employees use the company's VPN system or similar remote access system to connect. Employees should be reminded to not save documents locally on their computer and to not use personal webmail or texting to conduct company business.

• Employees should avoid printing out documents at home. If an employee must do so, they should not throw any confidential documents in the trash or recycling when finished. Employees should save all documents somewhere safe and private, and bring them to work for secure shredding once the office reopens.

• Be cognizant of smart-home devices. Even though such devices are designed to only be activated by certain words, one study has shown that these devices can inadvertently activate between 1.5 and 19 times per day. Confidential conversations should happen away from such devices.

• Employees should update the password on internet modems and wireless access points to make sure they are not still using the default password that came with the device. Hackers can purchase those passwords on the dark web and gain easy access.

• Everyone should be sure to completely shut down their computer every night, and reboot it in the morning.

• We strongly recommend considering whether any changes to information security programs are warranted. Many state laws require review and updates of privacy and security policies as company circumstances change, and moving an entire workforce to a remote situation is certainly a material change.

Regardless of whether a change is warranted, this is a great time to send or re-send policies to your remote workforce as a friendly reminder that such policies govern, even when working from home. Routine reminders help to keep data privacy and security at the forefront of your employees' minds.

• Companies with no written privacy or security policies should take this as an opportunity to draft policies outlining the expectations relating to data privacy and cybersecurity. Policies should make clear what is sensitive information and the dos and don’ts of handling such information.

• Employees should be advised what to do and whom to contact in the event of a suspected or actual data breach.

While your employees can be the  biggest weakness in terms of data security, they can also be your first  line of defense.

——————

Jeremy Wolk is a partner in Nixon Peabody LLP's Business & Finance department. He developed this article with Nixon Peabody attorneys Jenny Holmes, Jason Gonzalez, and Troy Lieberman.