Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back

Know the Law: Preventing Remote Workers from Creating Cybersecurity Risks

Written by: Cameron G. Shilling

Published in the Union Leader (3/29/2020)

Q. What should businesses do to prevent remote workers from creating cybersecurity risks?

A. Businesses are rapidly transitioning to remote workforces to combat the coronavirus. For businesses that already support remote work, that transition may occur fluidly. For businesses that do not, the cybersecurity risks are more frightening.

1. Protocols: Businesses that have protocols for remote working should reinforce them with employees. Businesses that do not should create temporary protocols.

2. Laptops: Businesses should permit employees’ access to networks using only company computers, with encrypted hard drives, up-to-date anti-virus/anti-malware, strong passphrases/passwords, and locks after 15 minutes of inactivity. Employees should not have administrator privileges. Employees should be instructed to shut down when not in use, and that family members may not use company computers.

3. Virtual private network: Access to the network should be only through a secure company VPN, which has multi-factor authentication, prevents downloading to a local drive, prevents access to local printers and internet-of-things devices, and is configured with robust logging. Employees should not be allowed to use the VPN on a personal computer.

4. Mobile devices: Businesses should permit employees to access company email only using a mobile device that has a password or biometric. More effective controls exist with a mobile device management application.

5. Email: Remote access to company email and cloud storage should be allowed only using a company computer or mobile device discussed above, with a strong password and multifactor authentication. Outlook Web Access should be disabled.

6. Wi-Fi: Home and public Wi-Fi are vulnerable. Employees should be prohibited from using insecure public networks. Businesses should ensure that home networks of executives have a company monitored firewall, and other employees use a VPN described above.

7. External drives: Businesses should prohibit employees from using external or USB drives, unless encrypted and company owned. Disabling USB ports or installing an application that encrypts drives are effective protections.

8. Attacks and crime: Hackers are capitalizing on this crisis. Businesses should have safeguards against phishing and social engineering, like headers alerting employees to emails from outside the organization, a button permitting employees to forward suspicious email to IT, and a ‘sandbox” that executes links and attachments in a safe environment. Businesses also should require employees to confirm the authenticity of every monetary transaction via a secondary authorization (like voice confirmation).

9. Privacy: Privacy laws are in effect during this crisis, including laws protecting health and personal information (like HIPAA, GDPR, and CCPA). Businesses cannot disclose health or personal information about a person who is or may be affected by the coronavirus without complying with statutory requirements.

10. Prohibited activities: Businesses should remind employees that certain activities are prohibited, including handling company information using a personal email account, personal cloud (like Dropbox or iCloud), or personal computer.

Cameron can be reached at [email protected].

Know the Law is a bi-weekly column sponsored by McLane Middleton, Professional Association. We invite your questions about business law. Questions and ideas for future columns should be emailed to [email protected]. Please note – Know the Law provides general legal information, not legal advice. We recommend that you consult a lawyer for guidance specific to your particular situation.

Integrity and trust

At McLane Middleton we establish and maintain long-standing relationships with our clients to help us better achieve their unique goals over time. This approach to building trust requires that our esteemed lawyers and professionals use their broad, in-depth knowledge and work together with integrity to ascertain sound resolutions to legal matters for their clients.

Strength in numbers

McLane Middleton is made up of more than 105 attorneys who represent a broad range of clients throughout the region, delivering customized solutions. As a firm we are recognized as having the highest legal ability rating. The firm is rated Preeminent by Martindale Hubbell and is recognized as one of the nation's leading law firms in Chambers USA. Our attorneys are distinguished leaders in their respective practice areas.

Meet Our People

Commitment and collaboration

McLane Middleton's versatile group of attorneys and paralegals become trusted authorities on each case through collaboration. We work with our clients to learn their individual needs first and foremost and, together, we develop comprehensive solutions to their specific legal matters. This approach helps us exceed our clients' expectations efficiently and effectively, client by client, case by case.

Practice Areas

A history of excellence

McLane Middleton was established in 1919 in New Hampshire, and has five offices across two states. However, deep historical roots don't allow you to become innate. Our firm is organized, technological, and knowledgeable. Our history means we are recognized. But our reputation is built on the highest quality of service and experience in very specific areas of law.

The Firm

Intelligence paired with action

Our team continuously seeks opportunities to enhance their professional development and put key learnings to action. The pursuit of further insight guides us to volunteer service opportunities, speaking engagements, and teaching roles. Our lawyers are sought after thought leaders across their industries, and recipients of leadership awards throughout the region.