Summary
With the Covid-19 Pandemic forcing more employees than ever before to work from home (“WFH”), businesses face new and different data privacy and security risks. This change is not lost on U.S. regulators, but it does not mean that businesses will get a pass on data privacy and security issues potentially caused by the shift in working conditions. In an effort to help businesses navigate these new circumstances, BCLP has prepared a series of articles on addressing data privacy and security issues in a WFH environment.
A major weakness in any WFH system is that individual employees often fail to take necessary steps in securing their home network. This creates a situation where a company, who may have a robust security system in place protecting the company’s network, now has multiple unsecure points of access that are vulnerable to intrusion. Each non-secure home network increases a company’s risk of a data breach. As noted above, regulators, like the Federal Trade Commission (“FTC”), understand this new reality and, in response, have provided guidance1 on how employees can secure their home networks.2
Employers and managers would do well set up a training to walk employees through these guidelines, explain how safeguards can be implemented, and establish a timetable for employees to put the safeguards into place. IT teams should be prepared to field questions that employees have about completing the requirements. In most cases, implementation can be done in under an hour if employees receive proper instruction from management and IT.
The FTC recommends WFH employees observe the following guidelines when protecting their home network:
- Encrypt information sent over your wireless network using WPA2/WPA3. Although most wireless routers come with the encryption feature turned off, it can be turned on by going to your router’s settings or checking the company’s website.
- Only allow specific devices to access your wireless network. Wireless routers typically allow you to specify what MAC addresses have access to the network. If you have guests who frequently access your network, you can also create a separate guest network that is open to all devices though still protected with encryption requiring a password to access it.
- Secure your router by changing its defaults. You should go into your router’s administrative settings and take the following steps:
- Change your router’s default network names to something unique that only you know.
- Don’t broadcast the network names. You know them and can share them with guests and within your family as appropriate.
- Change your router’s default password. Hackers know most default administrator passwords, so change it to something only you know. You should also change any default “user” passwords.
- Turn off “Remote Management” features that allow remote access to your router’s controls. Hackers can use this to get into your network.
- Log out as administrator. After you’ve made your changes and set up your home network, log out.
- Update your router’s software. Routers, like computers, need to be updated on occasion. You should periodically check the router manufacturer’s website to see if there is a new version of your router’s software available for download. You may also be able to register your router with the manufacturer to get periodic updates by email or through your account.
- Protect your network during mobile access. Create strong passwords for mobile devices and mobile applications. Remember that strong passwords should have at least 12 characters, with a mix of number, symbols, and upper and lower case letter.
This article is part of a multi-part series published by BCLP to help companies understand and cope with data security and privacy issues impacted by the Covid-19 Pandemic. You can find more information on specific data privacy and security issues in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. www.consumer.ftc.gov/blog/2020/03/online-security-tips-working-home
2.
[View source.]
