With approximately 80% of the nation on some sort of lockdown or work restriction, working from home has become the new normal for many. As noted in my last posting, one result of this shift has been more data breaches, including increases of over 100% in many industries. There are numerous actions which all businesses should be taking (and should have been taking prior to the Coronavirus outbreak) to maintain appropriate data privacy and security policies and procedures – all of which would have made the rest of this post moot. However, for those companies which have not previously taken such action, or for those which just want a refresher, there are also some simple steps that all companies can and should take to minimize harm from data breaches apart from implementing comprehensive policies, procedures and training, including the following:
- Make sure all remote workers have your company’s security software loaded on all devices being used for remote work, and importantly, make sure all such security software is kept up to date. In that regard, you may need to require that your remote workers manually update all such software on a regular basis.
- Employ proper password protocol. If you are not using a professional password manager, you should ensure that all passwords are at least 12 characters long and include a mix of numbers, symbols, capital and lowercase letters. However, while previous protocol suggested a random garbling of phrases that constantly changed, current best practice suggests not changing passwords frequently, but instead using passwords that are much longer (more than 12 characters) and that encompass a phrase that has significance only to the user (think “MySon’s1stHomeRunWasLastWeek!” or “MS’s1stHrWLW!” instead of “Mike123$”). Of course, passwords should never be shared except as appropriate with the company’s assigned administrator.
- Require that all home routers have encryption turned on. See https://www.consumer.ftc.gov/articles/0013-securing-your-wireless-network for more information.
- Provide all employees with trusted VPN access.
- Encourage use of approved and secure cloud services and avoid having work documents saved to the employee’s hard drive. Similarly, ensure that all documents are constantly saved in the event there is a power outage, breach or computer/system crash – even if merely due to the temporary overload of Internet traffic. Make sure that once documents are saved to the cloud, a proper back-up procedure is in place.
- Avoid the use of USB memory sticks. The US Department of Homeland Security has deemed the use of memory sticks risky due to the number of viruses and malware that have been transferred on such devices. With home computers/systems even more vulnerable than most office systems, the risk of using memory sticks is compounded.
- Require employees to physically protect their devices from small children who may accidentally hit the wrong buttons, or even spill a glass of milk on a laptop which cannot easily be replaced these days.
- To the extent possible, separate work and personal devices.
- Provide a quick lesson/refresher to all employees on the risks of phishing and business email compromise and what to look out for.
- Work on contingency plans in the event Internet services are interrupted for some or all of your workers. Plan, plan, plan.
For more information or assistance, please visit www.olenderfeldman.com or contact Michael J. Feldman, Esq., at 908-964-2486. Please also visit https://www.olenderfeldman.com/blog/ for constantly updated and useful critical information on government action, legal changes, funding (loans, grants, etc.) opportunities and related matters in connection with the Coronavirus.