Cyber Risks Associated with a Remote Workforce
As the COVID-19 (commonly referred to as the Coronavirus) pandemic unfolds daily with “stay at home” lockdown orders for nonessential businesses issued across the United States, remote working arrangements have become a reality for most organizations. Vigilance and cyber safety remain critical at this time. Cyber-attacks and phishing scams have been escalating since the beginning of the year. Attackers know that very few people are actually physically working from the office at this time, yet they can gain access and harm the entire network when everyone returns back to work. Here are a few practical considerations for employers and their employees to avoid cyber risks associated with working remotely.
Ideally, remote technology is already in place for the organization as well as reasonable network security measures such as strong access controls for applications and systems, multi-factor authentication and endpoint detection and monitoring. More importantly, organizations need to work towards creating a company culture that is aware of cyber risks and practicing cyber safety. Even if the protocol is as simple as forwarding any suspicious e-mails to the IT department or specified individuals, employees know how to respond. Training on an ongoing basis becomes essential to instill this type of culture.
Further, employers in California subject to the California Consumer Privacy Act of 2018 (CCPA) must remain mindful of compliance with CCPA requirements with respect to consumers’ personal information. This includes:
Privacy Policies: Using and sharing personal information in accordance with these policies;
Data Retention: Timeframes for retain personal information; and
Shared Information: Ensuring anyone outside the organization that may be receiving personal information are keeping such information secure.
Employees can take several steps to increase security as a remote worker, including the following:
- Use strong passwords;
- Keep all user names and passwords safe and in a secure location;
- Do not open any attachments or click on any links in e-mail messages;
- Regularly update software programs on personal devices;
- Use anti-virus software on personal devices; and
- Consider changing administrator passwords and other settings on home routers and network systems.
Such steps should be encouraged by employers for all employees working remotely and remind employees of the likelihood for an attempted cyber-attack disguised as Coronavirus concern.
We provide onsite or virtual training to ensure employees remain vigilant when it comes to cyber hygiene. Contact us for additional guidance on your organization’s needs. You can consult with a Task Force attorney by emailing [email protected] or contact our office directly at 949-854-7000.