March 13, 2020 Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency Briefing on Covid-19 and Data Security

Colin Zick
Foley Hoag LLP - Security, Privacy and the Law
Contact
LinkedIn
Facebook
X
Send
Embed

Foley Hoag LLP - Privacy & Data Security

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) just completed a stakeholder security briefing. This was recorded and should soon be available on the CISA website, but in the interim, some key takeaways are:

  • We are in the “initiation phase” of the pandemic, meaning the worst is yet to come (the “acceleration phase”).
  • Covid-19 has been found in 42 states.
  • The presenters declined to comment on the likelihood of mandatory quarantines.

Chris Krebs, director of the CISA, discussed lines of effort for critical infrastructure segments. He discussed enterprise VPN security guidance from CISA for those now working remotely. Krebs noted that the private sector workforce needs to be on the alert for Covid-19 phishing scams. He welcomed reports of such behavior. Krebs also expressed concern about misinformation that has been present and urged care to verify claims before relying on information on social media. Krebs was asked about remote workers using wide-area networks. He referred to the CISA guidance on this.

* * *
Other cybersecurity issues that employers should be mindful of include the following:

  • working on unsecured personal devices at home (e.g., the family computer that the kids use for homework)
  • transferring company information using personal email accounts (e.g., employees emailing company files to themselves)
  • use of personal cloud storage accounts (e.g., their personal Dropbox account)
  • taking company documents home and not having secure means of storage (e.g., the shared desk in the home office)
  • use of unsecure connections from home to the company
  • use of unsecure conference call lines (e.g., check on the security of those free conference call services)

As many of us prepare to work remotely, your company should:

  • to the extent not done already, implement multi-factor authentication
  • ensure all machines have properly configured firewalls
  • review and update anti-malware and intrusion prevention security of information technology systems
  • test remote access solutions capacity and/or increase capacity
  • ensure access systems are fully patched.
  • increase awareness of information technology support
  • enhance system monitoring to receive early mechanisms for employees who work remotely
  • increase over detection and alerts on abnormal activity
  • update your incident response plans
Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP - Security, Privacy and the Law | Attorney Advertising

Written by:

Foley Hoag LLP - Security, Privacy and the Law
Foley Hoag LLP - Security, Privacy and the Law
Contact
more
less

Foley Hoag LLP - Security, Privacy and the Law on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide