With Governor Evers’ Safer at Home Order #12 starting today, March 25, 2020, at 8:00 AM and continuing until 8:00 AM on Friday, April 24, 2020, unless rescinded or modified, more Wisconsin residents than ever will be “working from home” or “working remotely.”  Remote working arrangements should be effective to slow the community spread of COVID-19, as face-to-face interactions are being transitioned to online exchanges.  However, working remotely can present a host of cyber security issues.  We have several considerations and best practices to assist your business through this virtual period.

Beware of Additional Cyber Security Threats.  Working from home raises enhanced cyber security threats for companies—especially as employees access systems utilizing remote connectivity and utilizing home devices or personal accounts that may be less secure.  Furthermore, cyber criminals frequently exploit a crisis for their own gain.  Accordingly, companies and individuals should be especially vigilant in opening attachments, even if received from a known source and especially anything referring to COVID-19, as cyber criminals are increasingly using phishing emails.  These e-mails may appear to be offering you COVID-19 information or assistance and from a representative of a recognizable company and vendor.  However, be cautious with your clicks!  Companies and individuals should be observant in maintaining sound cyber security practices.

Information Security and Bring Your Own Devices (BYOD) Policies.  Review your current information security and BYOD policies to determine if there are any established security guidelines for remote work and remote access to company information systems.  If your organization does not have such policies, it is advisable that you consider implementing such policies to establish guidelines to address remote access to company information systems and for use by employees of personal devices for company business.  If your organization does have policies, it is a good time to remind your employees of the policies with respect to working from home in a secure manner, including which technologies to use and how to use them.

Data Breach, Incident Response, and Business Continuity Plans.  Review your data breach, incident response, and business continuity plans to ensure your organization is prepared to respond to a data breach or security incident given the increased security risk of remote work.

Best Practices.

• Avoid using public WiFi networks.
• Avoid using personal or shared devices.
• Avoid using personal e-mail accounts.
• Avoid unnecessary clicks.
• If possible, employers should offer employees a Virtual Private Network (VPN) to gain access to their company’s system.
• Require strong passwords and implement dual authentication.
• If possible, issue devices (e.g., laptops or tablets) that are encrypted and can be remotely wiped.
• Practice physical (e.g., don’t let your device get stolen) and technical (confirm you have anti-virus protection on your personal computer) security measures.

We’ve created an easy-to-use working remotely and safely best practices handout.