Trent Cotney and Elliot Haney, Attorneys, Cotney Construction Law
Across the country, the COVID-19 pandemic has forced companies to transition to remote working. While doing so is necessary to ensure the health and safety of your employees, businesses must recognize the additional risks that working from home has on its cyber security. It is essential that all companies encouraging employees to work from home understand the increased risk their business has of a data breach and the necessity of implementing new standard operating procedures to combat cyber threats.
The first step in preparing a cyber security plan should be to conduct a risk assessment, taking into
account the ramifications remote working has on the exposure of your company’s sensitive data. By allowing your employees to access corporate servers or VPNs from their personal devices, businesses run the risk of pre-existing malware or ransomware infiltrating your company’s data. This can cause a variety of serious data breaches, including the release of customer information, proprietary or trade secret knowledge and financial data.
In light of the increased exposure, your business should implement critical cyber security policies into its standard operating procedures. As a preventative measure, businesses should:
■ require employees to install updated firewall and virus protection on their personal devices,
■ mandate frequent password updates and dual authentication,
■ introduce administrative oversight to monitor employee usage and
■ conduct ethical hacking and penetration testing to ensure that your new policies are effective.
To help reduce your business’s potential liability, should your company experience a data breach, companies should immediately introduce and/or update its managed equipment policy, personal equipment policy, acceptable usage policy, security and maintenance policy and policy for record retention and destruction of corporate documents. Cyber liability insurance is also a worthy investment in these particularly vulnerable times.
The final step in developing an effective cyber security protocol is to develop a crisis management plan that will guide the company in handling a breach should one occur. The legal impacts of a security breach can be detrimental to your business, both from a reputational and financial standpoint. The release of confidential customer or employee information, while unintentional, can subject a business to liability if proper procedures are not in place both prior to the breach, as well as after. A crisis management team should be well-equipped with the necessary resources and team members to react within 24 to 48 hours of a breach. Your
plan should be developed with input from legal counsel, cyber security experts and technical support to ensure all your bases are covered.
As businesses struggle to stay afloat during these tough economic times, preventing a crippling data breach could be the difference between your company surviving the pandemic and falling victim to it. Working preventively is the best practice, by introducing standard operating procedures focused on reducing your company’s exposure to cyber risk and by developing a crisis management team to react quickly should a breach arise. But it is not enough to simply put these procedures into place; your business should run routine audits of your cyber security systems to enforce a culture of security and compliance.
Disclaimer: The information contained in this article is for general educational information only. This information does not constitute legal advice, is not intended to constitute legal advice, nor should it be relied upon as legal advice for your specific factual pattern or situation.
Cotney Construction Law is an advocate for the roofing industry and General Counsel of FRSA. For more information, contact the authors at 866-303-5868 or go to www.cotneycl.com.
Previous Article
Next Article