Greater Norwalk Chamber
  • Member Benefits
    • Publications
    • Networking & Programming
    • Advertising Opportunities
    • Member Login
    • Membership Application
    • Communication Preferences
  • Member Directory
  • Events & News
    • Chamber Calendar
    • Chamber News
    • Member Calendar
    • Norwalk Leadership Institute
  • About Us
    • Our Team
    • Executive Committee
    • Board of Directors
    • Ambassadors
    • Norwalk Job Board
    • Resources >
      • Greater Norwalk Area
    • Contact
Join The Chamber

News

ARTICLE

Date ArticleType
3/17/2020 COVID-19

COVID-19: Privacy and Cybersecurity Risks of Telecommuting by Carmody Torrance Sandak & Hennessey LLP



707 Summer Street, Suite 300 Stamford, CT 06901 | 203.425.4200 | carmodylaw.com
Facebook | Instagram | LinkedIn | Twitter
Member Profile | Member Since 2001


Originally published by Carmody Torrance Sandak & Hennessey LLP on March 17, 2020

Enabling work from home is a solid start to managing your organization’s COVID-19 risks. Yet, while it resolves some issues, it raises others. Before providing remote access to the company’s IT systems and digital assets, consider the privacy and data security implications of telework. Here are a few top-of-mind considerations:

Raise awareness without increasing stress. Provide actionable ideas for safeguarding business and personal data when working at home. For instance:  
Re-read policies relating to remote access, including acceptable use of company assets and information and use of personal devices for work (“BYOD”). 
Need to work with others?
Use IT-approved collaboration and conferencing apps or service
Need to transfer or store data files?
Use IT-provided cloud storage services – not personal accounts (e.g., Google Drive, Dropbox, OneDrive).
Avoid personal email for transmitting confidential company or personal data
Need to take home devices, data, binders, and files? 
Don’t over collect. Take only what’s necessary. Return for other items as needed. 
Be sure all laptops, devices, and flash drives are encrypted.
Keep confidential information out of sight from unauthorized individuals
Secure company property against theft or unauthorized access.
Need to print?
Print only as absolutely necessary and keep all paper with confidential information secure and out of sight, until it can be brought back to the office.
Is Alexa listening? 
Disable or modify use of home digital assistants (e.g., Alexa, Siri, Google Assistant) to prevent active listening to or recording of confidential business calls. 
Need a personal device?
Limit local file storage to a single folder and delete the folder once files are transferred back to company systems.
Clear out the “downloads” folder daily.
If using home Wi-Fi, ensure that the router is password-protected (and use your own strong, unique password – not the factory settings).  
Avoid public WI-FI.

Beware of Business Email Compromise (“Phishing”)

Coronavirus opportunists and scammers abound, as explained in this Federal Trade Commission bulletin. Alert both executives and frontline workers to the increase in phishing scams and what they can do to fight back:
Before clicking on links or opening attachments, independently verify (i.e., not via contact info found in the suspect email itself) the source of any unexpected email that:
prompts entry of username and password or the download or execution of certain documents or software;
requests transfer of protected personal information such as SSNs, bank information, HR info and tax documents, or health information; or
directs the transfer of money, whether by requesting wire transfer, changing previous wire transfer instructions, or directing the purchase of gift cards and subsequent disclosure of their security codes.
Watch for lookalike domain names in emails that otherwise appear to come from known colleagues or superiors (“spoofing”).
Use complex, randomly generated passwords or unique passphrases; and use an IT-approved password manager to keep them secure instead of recording them on a “sticky note” or elsewhere.
Promptly report suspicious emails and potential privacy or cybersecurity incidents.


Provide Workers with Secure Remote Connection and Monitor Remote Access

Many of the foregoing measures will be meaningless without a secure (encrypted) connection to the organization’s computer systems. An enterprise virtual private network (“VPN”) effectively provides an encrypted “tunnel” from the employee’s Internet-connected device to the employer’s network. Alternatively, where certain roles require access to only certain internal web-based or “cloud” applications (as opposed to the entire internal network), the employer can provide access to such applications via a secure web portal where remote users can authenticate. A few additional considerations:
Regardless of type of remote connection, implement and require the use of multi-factor authentication for email and other network logins, which is the number-one defense against the phishing risks described above.
Just as we see increased Coronavirus phishing attempts, anticipate increased hacking and intrusion attempts. 
Equip IT security personnel to ramp up review of access logs, attack and intrusion detection, and incident response and recovery.
Be extra diligent to keep up with patches and updates to VPNs and other remote computing software. 
Test capacity. How many remote workers can your systems handle?
Finally, outside threats are one thing, inside ones another. Beware employees exporting trade secrets under the guise of materials needed for working at home.

Remote working raises additional employment law issues that are separate and distinct from privacy and cybersecurity. For additional information on this and other workplace legal issues arising out of the COVID-19 pandemic, please see our March 13, 2020 Client Alert, “Advice for Employers Amid Growing Coronavirus Concerns.” We continue to monitor and analyze issues related to the pandemic and will update clients accordingly.  

If you have any questions or would like additional information, please contact any member of our Privacy and Data Security team:

Sherwin M. Yoder, CIPP/US, CIPP/E, CIPM
203.784.3107 | syoder@carmodylaw.com

Jennifer A. Calcagni
203.575.2648 | jcalcagni@carmodylaw.com

Damian K. Gunningsmith
203.784.3185 | dgunningsmith@carmodylaw.com

Mariella LaRosa
203.575.2654 | mlarosa@carmodylaw.com

Todd Michaelis
203.578-4287 | tmichaelis@carmodylaw.com

Tamara Nyce
203.578.4275 | tnyce@carmodylaw.com

Arthur G. Schaier
203.575.2629 | aschaier@carmodylaw.com

© 2024 Greater Norwalk Chamber.  All Rights Reserved.
101 East Avenue, Norwalk, CT 06851 | Phone: 203.866.2521 | [email protected]
Privacy Policy | Terms and Conditions | sitemap
  • Member Benefits
    • Publications
    • Networking & Programming
    • Advertising Opportunities
    • Member Login
    • Membership Application
    • Communication Preferences
  • Member Directory
  • Events & News
    • Chamber Calendar
    • Chamber News
    • Member Calendar
    • Norwalk Leadership Institute
  • About Us
    • Our Team
    • Executive Committee
    • Board of Directors
    • Ambassadors
    • Norwalk Job Board
    • Resources >
      • Greater Norwalk Area
    • Contact