Precautions against the spread of COVID-19 have led to many organizations requiring their employees to work from home where possible.  Working remotely increases the possibility of cybersecurity threats, however, including some threats that can be directly targeted to those working remotely.  Unfortunately, those who seek to access secure data illegally are also continuing their work during the outbreak and it is important that employers and employees remain cautious and vigilant in fulfilling their data security responsibilities.Employees working from home may be accessing and transmitting their employer’s secure or proprietary information, as well as that of the company’s clients.  The failure to keep that information secure can have a host of adverse consequences, including business damage or loss, identity theft, liability, or it can trigger state or federal data breach notification laws.Online threats to remote workers include:

• Unsecured wifi networks. Although most workers during a quarantine will be working from home where it is more common to secure one’s wifi, some workers will occasionally use public wifi spots that are commonly used by bad actors to collect confidential information from the unwary.  Employees should be reminded not to use public or unsecured wifi for company business.
• Personal devices and networks. Many, though not all, workers will be using their own personal computers, devices, and home networks for work.  These devices and networks will likely not be equipped with the tools that businesses use to protect their data, such as secure antivirus software and firewalls.  As a result, they are more susceptible to malware that can access secure information and leak it.  Employees working from home are likely to take measures such as downloading secure information to their personal computers or devices or using file-sharing services.  Unless those devices have been configured with adequate security measures, employees should not save secure materials to those devices.
• Scams targeting remote workers. Scams targeting those who work from home are not new and will likely only increase as remote workers increase in number.  For example, emails disguised as coronavirus updates or as updated company policies may fool employees into clicking on a malicious link or sharing access information.  In particular, the World Health Organization has issued warnings about scammers pretending to be the organization.

It is also crucial that employers also maintain their incident response requirements for responding to data leaks.  Employees working remotely should be reminded that they are required to notify their employers of any possible data security breach even though they may be out of the office.Employers are strongly encouraged to remind employees of data security risks and their obligations to maintain good security practices even when working remotely.If you have any questions about data security in this time of virus and quarantine, please feel free to contact Marc Reiner at HBA (mreiner@hballp.com).Marc Reiner’s current practice includes General Commercial Litigation; the registration of trademarks; litigation and counseling in the areas of trademarks, copyrights, false advertising, cybersquatting, and violations of the rights of privacy and publicity.