Among the many challenges of managing a remote workforce, privacy and cybersecurity risks and protections are near the top of the list. Below are a few measures and critical questions you should be discussing with your workforce.
FOR YOUR IT AND INFORMATION SECURITY TEAMS
- Are the company’s computers up-to-date with the latest security patches and updates, including network and software applications?
- Does the company run antivirus and anti-malware software with the latest definitions?
- Can the company require multi-factor authentication to access company networks and applications?
- Is the company’s Bring Your Own Device Policy up-to-date with clear requirements and restrictions?
- Are user access controls set at the least access level, meaning that users have no more than the minimum access needed to perform their work responsibilities?
FOR YOUR EXECUTIVE TEAM
- What does the company’s cyber insurance cover with respect to data breaches, ransomware, and other liability arising from remote workers?
- Are there any exclusions that apply to remote workers?
- Has the company clearly communicated to employees regarding work-from-home privacy and cybersecurity expectations?
- When did the entire workforce last undergo proper cybersecurity awareness training?
FOR YOUR ENTIRE WORKFORCE
- Do not use your company-issued devices or network for personal use.
- Do not save user IDs and passwords in web browsers.
- Do not use public Wi-Fi or set your device to auto-connect to a public Wi-Fi.
- Do not save sensitive, confidential or company data to your personal computer, company-issued device’s hard drive, or an external drive.
- Encrypt your devices, and before you send files and emails with confidential or sensitive personal information, make sure that the files and emails are encrypted.
- Always log off of the company’s network and lock your device when you are not using it. Do not open emails from people or companies you do not know.
- Verify all requests for information or financial-related instructions directly with the individual requesting it.
- Do not click on links in emails or open attachments from suspicious emails.
NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.