Among the many threats posed by the COVID-19 pandemic is increased cybersecurity risk. With the rapid transition to remote work, employees are using new technologies and applications in unfamiliar settings. Hackers and phishers are already taking advantage of the chaos with an increased volume of targeting attempts across a broad swath of industries.
No business is immune from such threats even in the best of times. With escalated risk, remain mindful of the legal risks and challenges posed by remote work, and consider taking measures to protect your business’s data (and the data of your customers, clients, and users). Those measures can include:
- Implement and disseminate security protocols. Although you surely have a lot of other pressing things on your agenda, consider taking this opportunity to update (or create) reasonable cybersecurity and data protection protocols. When you do, distribute them to employees and provide whatever training you can to ensure they are implemented appropriately.
- Anticipate and address additional burdens on information technology staff and other resources. Your IT capacity (including personnel and other resources) was likely built without considering a massive surge in remote work. Lack of capacity to handle the current environment can not only interfere with business operations, but can increase vulnerability to malevolent cyber attacks. Think carefully about how to build additional capacity in view of what may be many months of widespread remote operations.
- Take specific steps to ensure the protection of confidential information. Employees used to operating in controlled conditions at work may not know how to handle sensitive and/or confidential information when working remotely. They may, for instance, transmit confidential information via unsecured, cloud-based apps or even save such information to their personal hard drives. Make sure you adequately inform and train employees on how to handle sensitive data in the remote work context.
- Be on the lookout for pandemic-specific attacks. With so much information related to COVID-19 and the pandemic being transmitted via email and other electronic means, it would be easy to mistake an attack for a legitimate email or document. Everyone on your system should be extra vigilant about pandemic-related emails from unfamiliar senders.
- Seek counsel to help with these issues. Cybersecurity and data privacy issues are not just business issues; they create real legal risk. FGMC attorneys are available to help you navigate these matters during this difficult time.