Cybersecurity Considerations in the Wake of COVID-19
The COVID-19 global pandemic has affected all aspects of life. The coronavirus has caused many changes in our daily lives. For many companies, it is the first time that they have been forced to confront the numerous cybersecurity challenges associated with maintaining a remote workforce. Given this new reality, businesses across the country should assess the adequacy of their current cybersecurity measures. Many companies do not even have basic cybersecurity programs and policies, let alone those designed to guard against cybersecurity risks created by employees working from home. Although the lockdown has been in effect in parts of the country for several weeks now, it is not too late to make changes to improve the security of your company. Establishing a security infrastructure will not only protect your company and data now when the risks are heightened, but it will also allow your company to be ahead of the curve when normalcy returns.
Employees may risk exposing their company’s sensitive data as they adapt to working from home. The increased data breach risk stems from using unsecured home WIFI networks or even public networks. Home WIFI networks rarely have the same protections of a sophisticated business network. Additionally, many employees may be working from their personal devices or communicating through mobile devices. These devices are not likely to be secure, as most users do not have security features in place. Employees may even use these devices to communicate with other members of the company through texting or social media, which significantly increases the risk of exposure to company data. These breaches in data may pose HIPAA concerns for businesses in the healthcare sector, but other industries should still adopt cybersecurity programs and policies to prevent breaches and lay the groundwork before states or the federal government pass cybersecurity laws.
Like any good business risk reduction tool, cybersecurity begins with setting corporate expectations through written policies and procedures. Necessary first steps include establishing a cybersecurity plan or–at least–providing employees with guidelines on how to protect the company and themselves. It is crucial to remind employees of the types of information they need to safeguard–from customer information to protected intellectual property. Encryption of sensitive information that is stored on or sent to or from remote devices is vital to preventing data breaches. Consideration should be given to setting up Virtual Private Networks (VPNs) to ensure that internet traffic is encrypted, which is especially crucial if connected to a public Wi-Fi network. Companies that already have a VPN in place should make sure that employees working remotely exclusively use the VPN to access company information. Additionally, employees should be required to update their passwords routinely and to make sure that the passwords contain many types of characters. More preferably, companies should set up multi-factor authentication passwords such as a password followed by an SMS message to authenticate the password with a second device.
To further safeguard from data breaches, companies must train employees on how to detect and handle phishing attacks. Most importantly, companies should ensure that the procedures detailing how employees need to respond to possible data breaches are still feasible and can quickly be reported in this work-from-home environment. Managers might be apprehensive of overwhelming employees a deluge of COVID-19 updates. Nevertheless, employees need to be aware of security risks and how to protect business and personal data.
Companies should at least train or remind employees about the types of data which should be protected and how to protect said data. Implementing a secure system and adopting robust policies may not be possible in this environment, but small steps that can be implemented now may pave the way for the future. Cybersecurity is constantly changing. Companies who take steps to lay the foundation of cybersecurity will be ahead of the curve, especially with counsel who is kept a breadth with the nascent field of cybersecurity. It is essential for Companies to have counsel who understands that cybersecurity is the future of compliance and how to establish policies and procedures to protect data.