Data Security Practices To Consider As Work Life Environments Evolve
By: Dan McCue, Eric Langland, and Josh Silver
Since March 20th, all but five states have issued stay-at-home orders, drastically and rapidly changing the way companies operate. Many companies have switched to remote work, and organizations are adapting to the new norm and deciding how to operate in the future. At the same time, the Federal Trade Commission has warned that cyber-attacks and phishing scams aimed at remote employees are at an all-time high. As businesses consider reopening with an abundance of caution and specific physical safety guidelines, best practices have to be applied to data security in the same way, because the new normal is likely to continue to blur the lines between in-office and at-home work spaces. With that in mind, what should employers do to mitigate data security risks while operating in this new digital environment?
Start with the Security Basics and Assess your Company’s Protocols
Many companies have been forced to allow employees to use personal devices to access company networks, while others have decided to take the financial hit and order new laptops and phones. Regardless of the approach, routine software updates are required to ensure your data is protected from hackers. Updating software includes not only operating systems but also mobile and web-based applications. In fact, while updating software, employers should take steps to implement:
- Multi-factor authentication for logging onto the company network;
- Encryption on any devices that have access to company data;
- Mandatory updates to employee password strength, including limiting sign-on attempts; and
- Protocols that direct employees to encrypt their home networks and routers with at least WPA2 or WPA3 protection.
Implement Company Policies and Awareness Around Advanced Scamming and Phishing Techniques
Scammers and hackers have been taking advantage of the COVID-19 pandemic and the increased number of e-mail alerts that have come with it. Distinguishing what is real from what is fake has become more difficult as phishing techniques become more advanced. Often, scammers will send both a text message and an accompanying e-mail in a time-sensitive manner to make you think that someone you know is trying to reach you quickly and needs help.
According to the FTC, here is a list of the most common “stories” that scammers use to get an employee to click on a link and thereby gain access to the company network:
- They’ve noticed some suspicious activity or log-in attempts
- A claim that there’s a problem with your account or your payment information
- A message instructing you to confirm some personal information
- Fake invoices
- A request to click on a link to make a payment
- A message about your eligibility to register for a government refund
- A coupon for free stuff
- A request for a money order or Western Union to prevent legal trouble
Sandboxes, email banners, software filters, cyber insurance, and backup systems can also help prevent or mitigate damage from phishing emails.
We are here to help if you need assistance with assessing your data security practices and updating your policies and procedures to reflect the new remote work environment. Data security and privacy regulations are constantly changing as lawmakers attempt to keep up with technology. Please don’t hesitate to reach out to discuss how to best protect your business through this shifting legal and economic environment.