Cybersecurity and Privacy: 10 Best Practices When Working From Home
As the pandemic permeates workforces with many employees continuing to work from home, businesses must remain vigilant against heightened cybersecurity risks. Below are 10 important measures and reminders that can help mitigate these substantial risks.
October 22, 2021 at 03:20 AM
- Encrypt Data and Tightly Control Access to Encrypted Data.
Encrypting data at rest and in transit continues to be essential to information security. Instruct employees to store work on the employer's system (rather than on company-owned or personal devices). When working with third-party vendors, review contract terms to provide ample protection for your data.
- Deploy Secure Devices to Remote Employees.
Most employee-owned personal computers lack important malware and encryption protections, and hackers capitalize on the vulnerabilities of personal computers. Such vulnerabilities increase the risks to data on these personal computers and to data accessed from those computers (including data that resides on company servers accessed remotely). For entities covered by the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and other regulatory schemes, deploying secure devices is essential. Given these vulnerabilities, employers can consider requiring employees to keep all work data on company-owned devices and avoid cloud-sharing applications that have not been vetted for privacy and security. Limiting the diversity of storage repositories helps limit the number of potential avenues of attack.
- Enhance VPN Security, Password Strength and Telephone/Video Conference Protections.
Require multi-factor authentication to access the employer's virtual private network (VPN) (especially if employees are using their own devices to obtain such access). The fact that employees cannot interact in-person increases the need for multi-factor authentication and strong passwords. Reiterate the importance of using strong passwords and protecting the security of those passwords. Weak or stolen passwords remain a primary cause of compromise to information security.
Advise employees who discuss confidential matters by telephone or videoconference of the risks that intruders may attempt to hear and see such conversations. Sending conference coordinates (such as a meeting identification number) and passwords separately minimizes such intrusions. Turning on participant identification features and using technology that allows a moderator to remove unexpected participants will help ensure that only authorized individuals participate.
- Beware of Insecure Wi-Fi.
Advise employees to avoid accessing the internet on shared or public Wi-Fi services. If employees do not have access to multiple networks within their homes, advise them to use a personal hotspot or other dedicated wireless networks separate from the Wi-Fi to which others have access.
- Refresh Phishing Warnings and Employee Trainings.
Hackers are deploying new phishing scams and employees are falling prey to them. To help protect against nefarious actors, remind employees to refrain from clicking on links in any unanticipated email messages; follow company procedures when responding to requests for funds; refrain from buying gift cards from anyone claiming to be a company employee; avoid opening unexpected documents, links or other downloads; and beware of impersonation attempts. The uptick in phishing is widespread, and hackers are posing as banks offering COVID-19 assistance, entities providing COVID-19 avoidance and health advice, and a myriad of other businesses.
- Limit Access to Games and Websites on Devices Used to Access Employer Systems.
Many websites and online games provide vulnerability vectors; therefore, preventing employees from accessing non-work-related sites on devices used to perform work will limit these risks.
- Keep Track of Devices and Secure Physical Work Spaces.
During periods of remote work, tracking physical assets used to access employer systems is critical. In addition, employers may want to remind employees to apply physical measures to secure any devices that contain company data. Such steps may include locking home and home-office doors, placing devices in a safe, keeping devices with them while traveling, and locking screens before stepping away from their computers. Many information security incidents occur when a device is stolen or misplaced, and protecting the physical security of devices that may store information or perform computing functions is essential.
- Prevent External Device Attachment.
Thumb drives and other external devices provide avenues for data exfiltration and vectors for information security compromise. Employers may want to remind employees to limit the use of these devices and to keep them safe if they use them.
- Formalize Work-From-Home Arrangements and Train Employees.
Employers may find it useful to establish written protocols for remote work arrangements that address information security, privacy, and other work restrictions. In addition, employers can ensure that these policies require immediate disclosure of any potential information security compromise. Such written policies must protect the employer's ability to remove employer data from personal devices.
- Prepare an Incident Response Plan.
Extensive remote work arrangements, as have been necessitated by COVID-19, pose a myriad of heightened security risks to professional and personal information. Prepare to address those risks.