The Matrix

Securely connect to work networks

• A best practice to ensure that employees are connecting securely to a company’s network is to have them sign in via a virtual private network (VPN) that is properly administered
• If possible, have employees utilize multi-factor authentication when logging in to the network – in other words, the employee first identifies themselves with a password and then completes their login by acknowledging a message sent to a device that they control
• The company should train its employees on how to securely connect to the network and safely use multi-factor authentication by providing written instructions and holding tutoring sessions

Consider security issues involving remote meetings

• Companies should obtain a license for employees to utilize secure and reliable teleconference and video conferencing services and discourage piggy-backing new users on existing licenses
• Employees should avoid sharing a meeting link too broadly, and if employees use the same passcode to access all meetings, consider having them change the code periodically
• If employees are engaged in a particularly sensitive conference, employees should consider using a special PIN for the meeting
• Employees should make sure they know who is attending remote meetings – for example, if allowed by the technology, employees can turn on notifications that announce when individuals join a meeting, or at least require new attendees to identify themselves
• Employees should not record meetings unless it is necessary to do so

Make sure sensitive information is kept secure

• Employees should protect sensitive information that they possess in their remote workstation – including personal information about employees, customers, vendors, etc., and proprietary company information – by keeping electronic documents on the company’s network, ensuring that any physical copies are kept secure, and disposing of any documents that are no longer needed by shredding them
• Sensitive personal information or confidential company information that is transferred in electronic form outside of the company’s network should be encrypted and a password provided separately for the recipient to open the document
• Cybersecurity incidents may increase in frequency during these uncertain times. Employees should be equipped to recognize phishing and spear-phishing email and telephone attacks and utilize the company’s internal lines of communication to report any suspected cyberattacks

Employees should be extra careful when using personal devices

• Companies should develop policies for employees utilizing their own devices, and the policies should set limits on how the device can be utilized and the authority that the company has over those devices in the event of a data breach
• Employees should protect their personal devices by:  (1) safeguarding them with strong and unique passwords, and (2) only connecting them to home Wi-Fi networks that are secured with a strong password and utilize the most up-to-date encryption (WPA2 or WPA3)
• Personal computers should have updated security software installed

It is important for companies to develop a security policy that defines telework, remote access and any limits on personal device use. And it is just as important to ensure that employees are aware of the policies and understand them. Please reach out to the Honigman Data Security and Privacy Litigation team to assist your company in ensuring that it is adequately protecting its sensitive information as employees increasingly work remotely and handle sensitive materials at their home worksites.