The emergence of COVID-19 has pushed many organizations to implement a remote workforce policy by necessity. While working remotely has its benefits, remote workers can bring added security risks to an organization of any size. Many cybercriminals are targeting remote workers, as the security measures used in remote working environments can be much easier to penetrate than the more robust security measures in traditional office environments. Such security risks can lead to devastating data leaks and privacy issues for organizations. Just one major cyber-attack has the potential to cripple an organization.
Below are several best practice recommendations to help organizations implement reasonable security measures in a remote work environment and to safely manage a remote workforce:
- Understand the Risks: Organizations should start by taking steps to map out the threat landscape:
  - Evaluate current technology used by the organization (inside and outside the workplace), and audit it for security and effectiveness. Avoid adding technology during this time period unless it is crucial to the effectiveness of employees’ remote work
  - Anticipate risks such as unsecured home and public Wi-Fi networks, cybercriminals, and remote device challenges
  - Update the IT department on risks and on the troubleshooting that may be needed to respond to security issues, such as the potential need to remotely deactivate or cut off access to a device
- Develop Policies to Minimize Exposure: Organizations can help to mitigate the increased security risks that accompany a remote work environment by developing policies that implement the following key strategies:
  - Develop policies regarding remote work expectations, the use of remote devices, and a response plan for addressing cyber threats, should they occur
  - Require the use of work-issued computers and other devices whenever possible
  - Implement multi-factor authentication
  - Require use of a VPN (virtual private network) to help provide a secure environment in which data can be transmitted between a remote employee and an organization’s private network
  - Require use of a USB data blocker when charging devices through unknown ports
  - Strengthen passwords and change passwords frequently
  - Require use of a firewall on routers and devices
- Educate Remote Workforce: Ensure that remote employee training includes the following strategies designed to mitigate remote work risks:
  - Highlight common, easily avoided mistakes that employees make when working remotely, such as leaving laptops in cars
  - Require employees to lock devices when not in use
  - Train employees to avoid: (1) opening phishing e-mails; (2) opening any unknown computer files; and (3) using unknown thumb drives/plug-ins
  - Emphasize that employees must keep devices and applications updated with the latest security software
  - Require employees to use corporate email addresses for all business dealings
In the middle of a global pandemic, transitioning to a remote workforce has the potential to greatly increase an organization’s efficiency, collaboration, and productivity, but not without added privacy and security risks. The recommendations listed above can help organizations mitigate the potential privacy and security threats that accompany a remote workforce. To keep up with constantly evolving potential cyberthreats, we recommend staying up to date with the latest security measures and data protection methods.
For additional recommendations on working remotely, see DRI’s Top 12 Information Security Recommendations for Law Firms and Other Businesses Operating in a Quarantined World, which Fey LLC’s Principal, Laura Clark Fey, Vice-Chair of DRI’s Cybersecurity and Data Privacy Committee, prepared along with other members of DRI’s Cybersecurity and Data Privacy Committee.
Will Davis, a law student at the University of Florida-Levin College of Law, contributed to this post. Mr. Davis is a law clerk with Fey LLC.