March 2020

Practical considerations for employers as their workforce goes remote amid COVID-19 outbreak

Last updated April 2, 2020

April 2, 2020 update -- Since we last shared tips to prepare for moving your workforce to a (largely) remote operation, concerns have arisen with the security of video-conferencing resources.

To ensure the security and confidentiality of these meetings we recommend:

• Not posting the link/invite on social media;  instead send the link only and directly to the intended attendees

• Do consider creating a password for that meeting – and do not use the same password for all of your meetings

• Limit screen sharing to the host unless needed otherwise for participants to share content, too

• Use the “waiting room” to admit only intended participants

• Lock the meeting after all intended attendees have “arrived”

Make sure that your own employees are using the most current version of all applications.

People still remain the weakest link, particularly when we are removed and isolated from our coworkers. Cyber mindfulness training of personnel should not be an afterthought. Remind and refresh personnel of your business’ policies and procedures, and best practices.

We are available to provide a one-hour webinar or video conference to train and refresh your personnel.

Originally published March 16, 2020 -- As a growing swath of the U.S. workforce logs in to work from home to avoid the spread of COVID-19, employers should be considering cybersecurity and data privacy best practices to ensure their operational well-being, as well as that of their employees.

An appropriate immediate action plan would include:

• Addressing and communicating to personnel written policies and procedures intended to ensure that they are working in a secure manner
• Vetting vendor policies
• Confirming insurance coverage
• Confirming sufficient licenses for remote access portal needs

Specifically, your checklist should include:

Operational/Access Considerations:

• Secure access credentials
• Robust passwords
• Multifactor authentication
• Ability to manage and remotely wipe lost or stolen devices
• Ability to manage credentials and limit access
• Printer and other personal device data storage, retention and deletion practices
• Devices with cameras
• Hot spots and/or secured routers – not public Wi-Fi – for Internet access
• Shredding of printed documents
• Working remotely only through work environment

Patching:

• Company issued devices for remote access should be updated and patched
• If personal devices will be used, personnel should be reminded to update and patch

Vendors:

• If vendors/consultants advise you that their work force will be working remotely, ask for confirmation of their security practices

Insurance:

• Confirm cyber/crime policies will include incidents occurring while employees are working on personal devices
• Consider business interruption coverage due to vendor (cloud provider) failures

Incident Response Plans:

• Confirm points of contact for remote work force/vendors
• Confirm remote work force know to whom notice must be given within the organization

Licenses:

• Confirm the company has sufficient number of licenses for VPN portal to support number of staff expected to work remotely

For more information, please contact your CSG attorney.

For additional information pertaining to the coronavirus outbreak, please visit CSG's COVID-19 Resource Center.

---

This publication contains general information on recent legal developments and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. Attorney Advertising. Prior results do not guarantee a similar outcome.