Remote work, cyber risk and liability: How your SMB can handle it
May 22, 2020 11:57 am Leave your thoughts
In a previous blog post, we talked about the ways in which the novel coronavirus pandemic creates some serious and unexpected liability issues for companies large and small. Included in that discussion was a brief outline of some of the cybersecurity risks businesses may face when employees are handling sensitive documents on home internet connections and their own personal devices.
However, this is an issue that deserves a more in-depth examination, especially for companies that have no immediate plans to bring workers back to the normal office environment in the near future – or will continue to allow work-from-home flexibility going forward.
The following issues are something any manager, executive or owner should be looking into these days as a way to minimize risk of a data breach or misuse of critical files, as a means of reducing liability both now and in the future:
Device and network security
Perhaps the single most notable hurdle that comes with allowing employees to work from home is the technical aspect of it, according to tech expert Carrie Rubinstein, writing for Forbes. At the office, you can do a lot to make sure risk is minimized, including monitoring web activity, installing and regularly updating security software and so on. You have no such guarantees when employees work from home, using their own Wi-Fi networks and devices to access company information.
To mitigate some of that concern, you may be able to provide them with company laptops that come with all the latest and most effective antivirus and firewall programs, but there's more to it than that.
Knowing what to look out for
Even with the right equipment and programs in place, one the biggest issues that leads to data security incidents and lapses is the fact that many people just don't know the biggest potential risks they face as they get their work done, according to Security Magazine. The solution to this problem is simple: Train employees to recognize potential phishing scams or hacking attacks, and also teach them the importance of running antivirus scans on a regular basis to ensure their systems aren't infected.
When they're handling sensitive information for your company, employees or clients, your employees need to be extra vigilant about potential threats and you can play an important role in raising their awareness.
Getting everyone onboard
For all these reasons and more, it's critical for companies to set a standard for security around how employees work from home, and make sure it's clearly communicated, according to Heimdal Security. This can be a part of any security training session, but having that information codified in an official document and easily accessible to all employees will help remove any ambiguity from what's expected of workers and show them the critical steps they may need to take in any given situation.
Know how you'll respond
Unfortunately, all the planning and training in the world will not be enough to insulate companies from risk. In many cases, businesses and data breaches don't exactly have a will-they-won't-they relationship; it's a question of "when," not "if." Consequently, your company also needs to have a plan in place for what everyone is expected to do in the event of a data breach, malware infection and so on, according to the National Law Review. A little research from managers will go a long way toward figuring out how best to pivot after such an incident, and should certainly include whatever state and federal law dictates for the given situation.
Here, too, doing all this work now – rather than scrambling in the wake of an incident – is a must, as it will allow you to carefully craft contingencies no matter what happened.
As long as there are plans in place that help ensure risk is minimized, and that all involved are prepared to react appropriately in the event of an adverse incident, you may be in good shape to deal with just about any type of breach.
Categorised in: Business Law
This post was written by