Likewise, adding a required password to a home wireless network, or updating the default administrator password, is another key step to prevent unauthorized users from connecting to an employee’s personal network. Second, companies should advise their employees about the increased risks of phishing and spam attacks, which become more prevalent when employees work remotely. As guidance regarding COVID-19 changes daily, scammers’ targeting becomes more sophisticated and cyberthreats arrive more frequently by email. Scammers love to take advantage of the headlines, by sending emails about coronavirus updates with links to click, which send unwary computer users to fraudulent websites. These sites trick victims into revealing sensitive information, providing unauthorized access to computer systems, or donating to fraudulent charities or causes. Employees should be reminded to: • exercise caution in handling any email relating to COVID-19. • avoid clicking on links in unsolicited emails and be wary of email attachments. • use trusted sources such as legitimate, government websites for up-to-date information regarding COVID-19. Third, businesses should verify that their remote, online meetings are being conducted securely. According to the National Cyber Security Centre (NCSC), multiple criminal groups have ramped up activity since January. As meetings, conferences, and other events are moved online, companies face increased risks of exposure to malware and ransomware. Moreover, because most businesses have moved to online meetings via platforms such as Zoom, WebEx, Microsoft Teams, Avaya Spaces, and Skype Business, heightened protections are required to ensure the privacy of business and customer data. Chiefly, security measures must be put in place while businesses use these virtual platforms. In cases where confidential corporate information or sensitive data (like personal health information) must be discussed, it’s important to remember that laws on protecting data still apply. Utilizing free accounts during this time can expose a business to a variety of negative consequences if that data is breached and/or misused. Some of these virtual platforms have reported that hackers can tap into a webcam and/or microphone without the user’s
knowledge, exposing secret information. To enhance security during online meetings, companies should: • use a password, not just a log-in for access to meetings. • require the “host” to admit meeting attendees. • set up the meeting to always encrypt the discussion “traffic.” • consider whether meetings need to be recorded, record only when necessary, and delete recordings when no longer needed. Fourth, employers should stress the need to restrict confidential information to the company’s computer network and not to personal computers or devices not connected to the company’s network. While protecting data comes at a cost, some affordable measures to implement include double authentication for signing into work systems through the use of passwords, and the use of RSA tokens or similar means of access to the company’s network. Some systems require a password and a code that is sent via text, while others call an employee’s phone to provide the security of double authentication. Finally, the most important thing a business can do is to create a “see something, say something” culture by encouraging employees to report any suspicious emails so that others may be on the lookout as well. Sending test emails to employees to make sure they follow proper procedure is another way for a company to protect itself. As we navigate these new remote ways of working and conducting business, it’s important to review applicable policies, procedures and protocols to ensure that you are keeping information secure. Our Cybersecurity Team, led by Shawn Morgan, understands data privacy and cybersecurity laws and regulations, and the need for robust corporate compliance. This team can assist businesses navigating these uncharted waters by helping companies to revamp their data privacy policies, by addressing security incidents and data breach responses when those circumstances arise, and by ensuring that businesses fulfill their compliance obligations.
Authors: Gillian Flick and Shawn Morgan, Steptoe & Johnson PLLC.
This article originally appeared in the PIOGA newsletter and is reprinted here by permission.
6
N a t i o n a l A s s o c i a t i o n o f D i v i s i o n O r d e r A n a l y s t s
Made with FlippingBook - Online Brochure Maker