Cybersecurity Concerns When Utilizing Coronavirus Work-From-Home Protocols

As concerns arising from the recent coronavirus (COVID-19) drive companies to utilize alternate workplace options, such “work-from-home” or other measures for employees to work remotely, companies should bear in mind the increased cybersecurity challenges and risk of cyber incidents from non-on premise work. The U.S. Department of Homeland Security is encouraging companies preparing for the impact of COVID-19 to adopt heightened cybersecurity standards as well as make efforts to mitigate the risk of cyber threats from employees working remotely. As always, and especially in the face of COVID-19, an ounce of cybersecurity prevention is worth a pound of cure.

"THINK"

We recommend that companies encourage employees to remember to “THINK” about their cybersecurity while working from home:

T—Tighten Security: Ensure that information stored on or sent to or from remote devices is properly safeguarded, including by use of encryption or multi-factor authentication. Make sure to exclusively use company security measures, such as a VPN, when working remotely, and limit the use of company systems while on public Wi-Fi. Consider updating and strengthening your passwords.

H—Have a Strategy (And a Back-Up Strategy): Review current company policies for information security and develop a strategy to ensure compliance while working remotely. As needed, make a specific strategy for maintaining cybersecurity standards in light of COVID-19, including contingency plans, disaster recovery efforts, and business continuity and procedures. 

I—Identify Potential Incidents: The World Health Organization issued a warning about the increase of cyber criminals sending phishing emails with malicious links in connection with COVID-19. With coronavirus-based phishing attacks circulating the internet, it is key for remote users to stay vigilant in looking for and reporting suspicious activity as potential cybersecurity incidents. Be especially wary of external e-mails and unsolicited communications.

N—Narrow Use of Personal Devices: To reduce the risk of unauthorized access to or disclosure of company information, to the extent possible, only use company-issued devices for working remotely and sending work-related communications. Attempt to limit usage of personal devices in a way that protects company information from others, such as children or family members, who may also use the devices. Avoid downloading or saving company information to personal devices.  

K—Know Your Network and Information: Keep your devices updated with the latest security updates and patches for your network. Remember the types of information that need safeguarding, including confidential business information, trade secrets, protected intellectual property, work product, medical records, customer information, employee information, and other personal information. Maintain compliance with applicable privacy laws for using, processing, and disclosing this protected information. 

Company Security Measures

To assist employees in maintaining adequate cybersecurity standards while working from home, companies should also implement certain technical and administrative measures. For example, to reduce the risk of unauthorized access or disclosure, companies should consider limiting employee access to protected information to the extent needed to perform their duties and imposing additional credentialing requirements. Additionally, companies should increase proactive security measures, such as malware scans and log reviews. 

In order to successfully execute these practices, it is crucial for companies to keep their IT resources well-staffed. Companies should ensure that IT personnel are prepared to ramp up cybersecurity tests and tasks. Further, companies should continuously remind all personnel about cybersecurity protocols and provide tips on avoiding cyber-attacks.

Cybersecurity is always a pressing concern for companies, but especially with the increased reliance on alternate workplace options during the COVID-19 outbreak, it is critical for companies to protect themselves from compromising attacks. Many companies are moving quickly to transition to work-from-home strategies, but companies cannot forget cybersecurity concerns. Companies must strive to maintain their cyber hygiene in the wake of COVID-19.

In response to the coronavirus (COVID-19) pandemic, Lewis Rice has formed a COVID-19 Task Force which brings together subject matter authorities from various practice areas within the Firm who stand ready to assist our clients as they navigate these challenging and evolving issues. We will continue to monitor the myriad legal and other developments that may impact our clients.

If you have legal questions related to COVID-19, please reach out to a member of the Task Force. If you have any questions regarding your cybersecurity procedures and policies or any potential cybersecurity incidents associated with COVID-19, please contact one of the authors above or another member of Lewis Rice’s Cybersecurity & Data Privacy Practice Group.

Firm Highlights
News

Claims Filed for Compensation in North Carolina Ecusta Trail Rail-to-Trail Case

More
News

Jeremy P. Brummond Presents at Webinar for Experienced Construction Attorneys

More
Client Alert

DOL Publishes Cybersecurity Guidance for Benefits Plans

More
Client Alert

Colorado Joins the Bandwagon, Enacts Comprehensive Privacy Law

More
Diversity & Inclusion

Law Firm ILN-telligence Podcast Hosts Ronald A. Norwood to Discuss Mentorship, Diversity & Inclusion in the Legal Industry, and the Importance of Equity for All

More
Client Alert

The Changing Workplace Following the Latest CDC Mask Guidance

More
Diversity & Inclusion

Lewis Rice Launches “Next Level” Diversity and Inclusion Programs

More
News

Lewis Rice Welcomes 2021 Summer Associates

More
Client Alert

Supreme Court Limits Ability to Compel Access to Private Property Without Compensation

More
Client Alert

EEOC Issues Updated Guidance on COVID Vaccination Policies

More
News

Michael D. Mulligan, Mysun Charitable Foundation Recognized at Greensfelder Park Ribbon Cutting Ceremony

More
Client Alert

The New Standard Contractual Clauses: Scope, Impact, and Next Steps

More
Client Alert

Missouri Supreme Court Holds that Public Governmental Bodies May Not Charge for Attorney Review Time

More
Client Alert

Supreme Court Hands Down Unanimous Decision Limiting FTC’s Ability to Seek Monetary Relief

More
News

A Lawyer’s Guide to the Galaxy Podcast Named Among Best Copyright Law Podcasts for 2021 by Welp Magazine

More
Client Alert

FTC Adds Teeth to the ‘Made in USA’ Rule

More
Client Alert

CROWN Act Legislation on the Verge of Passage in St. Louis City & County

More
News

Jeannine Moentmann Becomes President of St. Louis Paralegal Association for 2021-2022

More
Client Alert

Missouri Supreme Court Reverses Overtime Wages Judgment Resulting from Employer-Mandated Screenings Under the Portal-to-Portal Act

More
Client Alert

First-Issued Interim Final Rule Gives Guidance on No Surprises Act

More