Working From Home – Corporate Best Practices During COVID-19

On March 18, 2020, the Families First Coronavirus Response Act was signed into law, marking the second major legislative initiative to address COVID-19. The following is a general discussion and not intended to give specific legal advice.  For specific guidance as it applies to your firm, please contact us or your own legal professional.

Practices to stay cyber safe while working out of office at home:

Under extraordinary circumstances, businesses are quickly adapting to remote work on a large scale. In doing so, companies should promote best practices to protect sensitive data. Below are some techniques that your company can employ to help ensure that sensitive personal or company information stays safe:

Securely connect to work networks:

• A best practice to ensure that employees are connecting securely to a company’s network is to have them sign in via a virtual private network (VPN) that is properly administered.
• If possible, have employees utilize multi factor authentication when logging in to the network. In other words, the employee first identifies themselves with a password and then completes their login by acknowledging a message sent to a device that they control.
• Companies should train employees on how to securely connect to the network and safely use multi-factor authentication by providing written instructions and holding tutoring sessions.

Consider security issues involving remote meetings:

• Companies should obtain a license for employees to utilize secure and reliable teleconference and video conferencing services and discourage piggy-backing new users on existing licenses.
• Employees should avoid sharing a meeting link too broadly.  If employees use the same pass code to access all meetings, consider having them change the code periodically.
• If employees are engaged in a particularly sensitive conference, employees should consider using a special PIN for the meeting.
• Employees should make sure they know who is attending remote meetings.  For example employees can turn on notifications that announce when individuals join a meeting, or at least require new attendees to identify themselves.
• Employees should not record meetings unless it is necessary to do so.

Make sure sensitive information is kept secure:

• Employees should protect sensitive information that they possess in their remote workstation.  This includes personal information about employees, customers, vendors, and proprietary company information.  Electronic documents should be kept on the company’s network, physical copies kept secure, and any documents that are no longer needed should be shredded.
• Sensitive or confidential company information transferred in electronic form outside of the company’s network should be encrypted and a password provided separately for the recipient to open the document.
• Cyber security incidents may increase in frequency during these uncertain times. Employees should be equipped to recognize phishing email and telephone attacks and utilize the company’s internal lines of communication to report any suspected cyber attacks.

Employees should be extra careful when using personal devices:

• Companies should develop policies for employees utilizing their personal devices.  The policies should set limits on how these devices can be utilized and the authority the company has over those devices in the event of a data breach.
• Employees should protect their personal devices by:  (1) safeguarding them with strong and unique passwords, and (2) only connecting them to home Wi-Fi with a strong password and utilize the most up-to-date encryption (WPA2 or WPA3).
• Personal computers should have updated security software installed.