As the Covid-19 pandemic continues throughout the world, many workplaces have gone virtual. While the advent of technology makes a remote workforce possible, the newly remote workforce brings with it additional challenges to a company’s information technology (“IT”) systems. However, proper policies and procedures that govern the security of IT systems and employees’ use of such systems can go a long way to help protect an organization.
Despite employees’ new office set-up, the obligation to maintain sensitive and confidential information remains the same when working remotely. From a cybersecurity perspective, Covid-19 is the perfect storm for bad actors. Unfortunately, employees’ collective guards are down as people try and just get through each work day, which allows for easier phishing attacks and other malware to ravage a company’s systems. With the workforce spread out, it’s harder to manage and control these types of security incidents, which in turn allows the damage to compound. Accordingly, companies should continue to implement some best practices to ensure the security of their systems. These include:
- Implementing two-factor authentication for access to systems.
- Ensuring that employees’ home routers have strong passwords.
- Limiting the transmission of sensitive information and encrypting such email messages (SSN, bank information, health information, confidential information).
- Do not use home email addresses to conduct company business.
- Do not save sensitive information to your desktop, home computers, or unencrypted mobile media (flash drives).
- Work from a VPN when possible.
- Think before you click—be aware of suspicious emails and requests; call your contact prior to sending sensitive information to them at his/her request.
- If uncertain about an email, contact your IT Department and report any problems or concerns related to your systems.
Additionally, companies need to train their workforces and implement policies and procedures surrounding employees’ use of IT systems. These policies should include Teleworking, Acceptable Use, Electronic Monitoring, and Social Media. Employers should also remind their workforces that policies apply equally to teleworking situations (i.e. an anti-harassment policy applies no matter where an employee is working). Lastly, employers should consider sending periodic emails to employees to train and remind them of these items to consider while working remotely.
Murtha’s Data Privacy and Cybersecurity and Labor and Employment Practice Groups are ready to help companies navigate these complex issues. For more information, please contact Matthew Curtin or Daniel Kagan.