Cybersecurity While Working From Home

Cybersecurity While Working From Home - COVID-19 Legal resources - Business Law - Rupp Baase - People at law

Are you working from home? Don’t get too comfortable in your home office.  The switch to remote working can present new cybersecurity challenges.  Hackers know that organizations are particularly vulnerable now as many organizations are preoccupied with COVID-19.  By way of example, on March 15, 2020 the United States Department of Health and Human Services (HHS) suffered a cyber-attack on its computer system just as the pandemic broke.

Below are some tips to help your organization take reasonable measures to prevent and mitigate a cyber-attack.

  • Watch Out for Phishing Emails. With many organizations and individuals preoccupied with
    COVID-19, coronavirus-related phishing emails are on the rise, preying on everyone’s health
    concerns. The Federal Bureau of Investigation (FBI) recently made a public service
    announcement warning of scam emails, namely fake emails claiming to be from the Center
    for Disease Control and Prevention (CDC) supposedly offering information on the virus.
    Therefore, to prevent an attack on your system, consider providing a refresher training to your
    employees on how to detect and handle phishing attacks while working from remote devices.
  • Review Policies. Your organization should review its information security policy to determine if
    it has any security guidelines for remote working. Some organizations may also have separate
    policies that relate to remote work, such as a bring-your-own-device (BYOD) policy that
    addresses using personal devices for work. Your organization may want to adjust its current
    policies, or create new policies, to address information security while working remotely. Now is
    a great time to establish at least basic guidelines for employees to follow while working
    remotely.
  • Communicate Throughout Your Entire Organization. Some of your employees may have never
    worked remotely before this pandemic and are unaware of best security practices while
    working from home. In addition, an organization’s information security program is only as
    strong as its weakest link, as many security incidents are the result of human error. Therefore,
    managers should communicate throughout the entire organization the organization’s policies
    regarding information security while working remotely. These communications will further
    protect an organization from a security incident during the COVID-19 pandemic.
  • Incident Response Preparation. Cybersecurity incidents are on this rise since the COVID-19
    outbreak. Therefore, your organization should now update its incident response procedure
    and mitigation efforts, in the unfortunate event that a security incident occurs during this
    pandemic. To best prepare, your organization should update its incident response plan now
    to account for those employees working remotely. This update will ensure that the incident
    response team is prepared to respond to a security incident effectively and efficiently during
    the COVID-19 pandemic. In addition, your organization should review its cyber insurance
    policy to confirm that it will be covered for any security incident that may occur during this
    time. Your organization will want to look for coverage for the costs to end a ransomware
    event or other security incident, as well as lost business income resulting from business
    interruption due to a security incident. With this incident response preparation, your
    organization will be able to act swiftly and mitigate the negative effects of a security incident
    during these unprecedented times.
  • Data Privacy Laws are still in Effect. Do not forget that the current data privacy laws and
    regulations still apply during the COVID-19 pandemic. Accordingly, your organization should
    continue to comply with HIPAA, NYSDFS, the NY SHIELD Act, the GDPR, and/or any other data
    privacy regulation that may apply to its operations. In addition, your organization should
    review its current third-party vendor contracts to ensure that its vendors continue to comply
    with these regulations during the COVID-19 pandemic as well. In all, organizations must
    remain diligent and comply with all data privacy regulations in order to prevent a data
    breach and ensuing regulatory investigation.

If  you have any questions or concerns about your business and working from home during these uncertain times please connect with Jamie Batt or the Rupp Baase attorney with whom you work with most often.