Are you working from home? Don’t get too comfortable in your home office. The switch to remote working can present new cybersecurity challenges. Hackers know that organizations are particularly vulnerable now, as many are preoccupied with COVID-19. By way of example, on March 15, 2020, the United States Department of Health and Human Services (HHS) suffered a cyber-attack on its computer system just as the pandemic broke.
Below are some tips (see the full article, “Cybersecurity Best Practices for Working Remotely,” April 16, 2020) to help your organization take reasonable measures to prevent and mitigate a cyber-attack.
- Watch Out for Phishing Emails. With many organizations and individuals preoccupied with
COVID-19, coronavirus-related phishing emails are on the rise, preying on everyone’s health
concerns. The Federal Bureau of Investigation (FBI) recently made a public service
announcement warning of scam emails, namely fake emails claiming to be from the Centers
for Disease Control and Prevention (CDC) supposedly offering information on the virus.
Therefore, to prevent an attack on your system, consider providing a refresher training to your
employees on how to detect and handle phishing attacks while working from remote devices.
- Review Policies. Your organization should review its information security policy to determine if
it has any security guidelines for remote working. Some organizations may also have separate
policies that relate to remote work, such as a bring-your-own-device (BYOD) policy that
addresses using personal devices for work. Your organization may want to adjust its current
policies, or create new policies, to address information security while working remotely. Now is
a great time to establish at least basic guidelines for employees to follow while working
- Communicate Throughout Your Entire Organization. Some of your employees may have never
worked remotely before this pandemic and are unaware of best security practices while
working from home. In addition, an organization’s information security program is only as
strong as its weakest link, as many security incidents are the result of human error. Therefore,
managers should communicate throughout the entire organization the organization’s policies
regarding information security while working remotely. These communications will further
protect an organization from a security incident during the COVID-19 pandemic.
- Incident Response Preparation. Cybersecurity incidents are on the rise since the COVID-19
outbreak. Therefore, your organization should now update its incident response procedure
and mitigation efforts, in the unfortunate event that a security incident occurs during this
pandemic. To best prepare, your organization should update its incident response plan now
to account for those employees working remotely. This update will ensure that the incident
response team is prepared to respond to a security incident effectively and efficiently during
the COVID-19 pandemic. In addition, your organization should review its cyber insurance
policy to confirm that it will be covered for any security incident that may occur during this
time. Your organization will want to look for coverage for the costs to end a ransomware
event or other security incident, as well as lost business income resulting from business
interruption due to a security incident. With this incident response preparation, your
organization will be able to act swiftly and mitigate the negative effects of a security incident
during these unprecedented times.
- Data Privacy Laws Are Still in Effect. Do not forget that the current data privacy laws and
regulations still apply during the COVID-19 pandemic. Accordingly, your organization should
continue to comply with HIPAA, NYSDFS, the NY SHIELD Act, the GDPR, and/or any other data
privacy regulation that may apply to its operations. In addition, your organization should
review its current third-party vendor contracts to ensure that its vendors continue to comply
with these regulations during the COVID-19 pandemic as well. In all, organizations must
remain diligent and comply with all data privacy regulations in order to prevent a data
breach and ensuing regulatory investigation.
If you have any questions or concerns about your business and working from home during these uncertain times, please connect with Jamie Batt or the Rupp Baase attorney with whom you work most often.