The past few months have significantly altered the landscape of our workforce. Amidst the coronavirus pandemic, employees have had to adapt and create makeshift spaces in their homes to focus and be productive. While the remote work environment varies from employee to employee, the one thing they all share is a newfound vulnerability of their employers’ sensitive data as employees’ personal networks are not the same as the fortress-like networks most companies employ.
With a surge in cybercrime since the pandemic began, it is critical that companies train employees to remain vigilant and protect their employers’ data both online and offline. Risk Management Magazine outlines some ideas for Risk Managers to execute and help mitigate the risk that comes with a remote workforce and “instill an expanded and updated culture of security awareness.” Below is a summary of the key cybersecurity policies for remote work that they recommend.
Securing Remote Office
Step one is to secure the remote office. While this can look physically different for each employee, there are several common-sense restrictions that companies can have employees implement to secure a company’s important data:
- Ensure employees have a secure Wi-Fi connection, which begins with a password. It needs to be complex and sophisticated and ideally mirror the password requirements an employee needs to log into their company system.
- Consider what always-listen devices are within earshot of the employee’s office. We all joke that Big Brother is listening when we talk to someone about something and the next time you open your smart phone there are ads bombarding you with whatever you mentioned in passing. However, all jokes have some truth, and this is not an exception. As such, consider keeping devices like Amazon Echo or similar smart speaker or virtual assistant technologies out of the working space as they are potentially enabling hackers. In additional to hackers, many of those devices take random samples for quality control purposes and, if those samples contain sensitive information, it could introduce a risk.
Updating Systems and Devices
Make sure devices and systems are automatically updated. A corporate VPN is an important security measure, but so is maintaining good data hygiene and ensuring everything is up to date and automatically pushing updates so employees do not even have to think about it. Further, companies should request that employees also keep their personal devices current; devices like Wi-Fi routers, smart speakers, or anything that they use for day-to-day business activities should have latest updates. Responsibility should be shared for keeping information safe.
Instituting Training and Addressing Compliance
Cybercrime is escalating. To keep information safe, companies need to train their employees on how to manage their network security, work safely and keep home vulnerabilities from migrating to the office. Training is not only a best practice but may also be legal defense. Courts are looking at what kind of security measures a company had in place in the case of a data breach and that may be the deciding factor. Additionally, companies need to stay on top of how they stack up on best practices and continually follow the changing compliance requirements.
Per the National Conference of State Legislatures, state lawmakers have already introduced more privacy bills in 2020 than they did in all of 2019. Therefore, it is recommended that companies partner with outside counsel as needed to stay on top of changing compliances and best practices and understanding their impact.
Lastly, use available tools. For example, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has a toolkit that is accessible to all with helpful reminders on how to be stay safe in this cyber world of today. The toolkit includes tips for executive leaders, IT professionals and teleworkers.
Creating a Sense of Urgency
Creating a cybersecurity protocol for remote employees may not be a top priority for many businesses when they are struggling against other important issues during this pandemic. But each company needs to evaluate not only the financial and reputational impact of a data breach, but also the risk of regulatory oversight. There is no time like the present to reassess your company’s best practices and evolve in the current setting. Establishing a cybersecurity protocol now, can help avoid larger problems later.
To discuss your cybersecurity policies in more detail, reach out to your Sequoia Risk Advisor or connect with them in HRX.
Disclaimer: This content is intended for informational purposes only and should not be construed as legal, medical or tax advice. It provides general information and is not intended to encompass all compliance and legal obligations that may be applicable. This information and any questions as to your specific circumstances should be reviewed with your respective legal counsel and/or tax advisor as we do not provide legal or tax advice. Please note that this information may be subject to change based on legislative changes. © 2020 Sequoia Benefits & Insurance Services, LLC. All Rights Reserved