With most of the United States currently under various state-mandated stay-at-home orders in the face of the COVID-19 pandemic, many businesses have transitioned to a work-from-home service model. In New York, all non-essential businesses have closed in-office personnel functions for the foreseeable future as required by Governor Cuomo’s “New York State on PAUSE” executive order. This transition presents unique risks, including privacy and cybersecurity risks when using home-based or work-provided computer systems. In the current environment, cyberspace is as vulnerable as it is vital, and companies may want to use this opportunity to examine their cyber hygiene.
In addition to privacy, the security of company and client data during this time should be a critical priority. New York recently passed the Stop Hacks and Improve Data Security Act (the “SHIELD Act”), which expands the existing definition of personal information to which data breach notification requirements apply and requires companies to use reasonable measures to protect private information. In a time of increased system vulnerability and a concomitant increase in the number of hack attempts, companies can adopt a number of precautions to avoid a data breach:
- First, start with updating company systems. Regular updates for operating systems and applications often contain important security updates. Keeping devices (computers, tablets, phones, routers, and other devices) up to date with the latest patches is an important, and relatively easy, way to keep your systems and data more secure. Turning on automatic updates only takes a few minutes and may make the process even easier.
- Second, make sure employees avoid using public Wi-Fi networks. Instead, they should use private home networks or mobile hotspots. If a public or shared Wi-Fi network must be used, employees should use a virtual private network (“VPN”) when accessing company databases, email, and other services, and should limit access to sensitive services and data. Using a VPN allows your employees to connect to your company’s intranet, the private network designed to be used only by your company’s staff.
- Third, make sure employees are using strong passwords. For further protection, consider the use of multi-factor authentication to access your network and/or accounts and services.
- Lastly, make sure your employees are on the lookout for phishing e-mails and sites. Phishing is a form of social engineering designed to deceive users. Once inside your network, a cybercriminal can exploit sensitive information for their own personal profit and advantage.