Cybersecurity for Remote Employees: Legal Requirements featured image

Cybersecurity for Remote Employees: Legal Requirements

by John DiGiacomo

Partner

Corporate Employment Law

The fact that employees are increasingly required to work from home does not obviate a company’s legal requirement to have reasonable company policies and procedures to safeguard consumer data and to protect sensitive company confidential information. Indeed, the dawning era of widespread work-from-home employment necessitates enhanced cybersecurity since there are enhanced data security risks associated with remote working.

The enhanced risks flow from several aspects of the work-from-home employment regime. First, because more data and information is being sent over the internet, there is an enhanced risk of hacking, hijacking and other interception of the data by cybercriminals. Second, employees are using devices and computers in the home work-area that have not been inspected or secured by the company’s IT department. Further, logic suggests that an increase in the number of at-home workers will result in an increase in the number of brands and types of computer and devices being used across the company. Moreover, employee-owned equipment may be obsolete and/or using antiquated, out-of-date security software. All of this increases the incompatibilities between hardware and software making more work and inefficiencies for the company’s IT department. The end result is a significantly increased potential for exploitable vulnerabilities.

Third, at-home employees have reduced direct day-to-day, hour-by-hour supervision by supervisors who may be better-trained with respect to data security and cybercrime. Reduced supervision increases the risks of hacking cybercrime. This is partly because less direct supervision increased the chance of employees conducting personal business. The at-home online environment may not have the same limited internet access or have other firewalls which are present in a standard workplace. The at-home work area is also likely accessible to family members and others who are not authorized to have access to company data and information. The risk is less that the family member will steal the data but, rather, that they might “surf the net” to danger areas allowing intrusion or exfiltration by a cybercriminal.

The solution is to create and implement official company policies and procedures for cybersecurity specific to the new work-from-home environment. Your company should already have such policies and procedures for an at-work environment, but a distinct set of cybersecurity policies is needed. Experienced employment and cybersecurity lawyers like the ones at Revision Legal can help.

As noted, the new policies and procedures must focus on protecting the company’s confidential intellectual property and on reasonably protecting against data breaches or exfiltration of sensitive consumer/employee data. Effective work-from-home policies and procedures will accomplish both tasks. Here are some of the provisions that should be included:

  • Training for work-from-home employees specific to data security
  • Training for work-from-home employees with respect to PHYSICAL security of at-home and mobile devices — at-home and mobile devices must be physically secured even though only family members are able to access the at-home work-area; proper security includes locked drawers/desks, complex passwords, regular password renewals, barring family members from using the device, etc.; mobile devices should never be left unattended, etc.
  • Training for your IT staff specific to data security risks associated with work-from-home employees
  • Stating the company’s commitment to securing the secrecy of the company’s intellectual property and consumer data
  • Where possible, mandate provision and use of company-purchased and owned equipment and mandate that at-home employees only use company-provided equipment
  • Procedures in the event a lost device or actual or suspected unauthorized access
  • Enact a no-tolerance rule for use of public wireless networks (like at a public library or coffee shop) — this rule is necessary even though, for now, there may be a lock-down on such public spaces; these work-from-home policies should be applicable for all work-from-home circumstances
  • Limit work-from-home employee’s access to confidential and consumer data
  • Ensure that all work-from-home employees have signed confidentiality and nondisclosure agreements — even short basic agreements are an important part of cybersecurity since they enhance an employee’s belief in the importance of these issues
  • Remote installation by the company’s IT staff of security applications and software with updates and upgrades regularly installed — the corollary is that the work-from-home employee must be prohibited from interfering with the company-installed security software, firewalls and protocols
  • For mobile devices, if not already in place, mandate installation of physical tracking software

If you need help with your company’s work-from-home policies and procedures or if you have legal questions about data security, how to respond to data breaches or about hacking and cybercrime, contact the data security lawyers at Revision Legal at 231-714-0100.

Extra, Extra!
Related Posts

Top Legal Issues an Internet Lawyer Can Help Your Online Business Solve

Top Legal Issues an Internet Lawyer Can Help Your Online Business Solve

Revision Legal

Running an online business has never been more accessible — but the legal risks that come with it are just as real as those facing any brick-and-mortar operation, and often more complex. A website, a social media presence, and a digital product catalog create exposure across privacy law, intellectual property, consumer protection, and online reputation […]

Read more about Top Legal Issues an Internet Lawyer Can Help Your Online Business Solve

5 Reasons to Hire an Internet Lawyer Before Launching Your E-Commerce Website

5 Reasons to Hire an Internet Lawyer Before Launching Your E-Commerce Website

Revision Legal

Launching an e-commerce website involves far more than choosing a platform, uploading products, and opening for business. From the moment you start collecting customer data to the first sale you process, your business is subject to a complex web of federal and state regulations. Mistakes made at launch — incomplete disclosures, unenforceable terms, unregistered trademarks […]

Read more about 5 Reasons to Hire an Internet Lawyer Before Launching Your E-Commerce Website

How Strong Are Your Terms and Conditions? Legal Gaps E-Commerce Owners Miss

How Strong Are Your Terms and Conditions? Legal Gaps E-Commerce Owners Miss

Revision Legal

Most e-commerce businesses invest heavily in acquiring customers — paid ads, SEO, influencer campaigns — but give almost no attention to the legal documents that govern what happens after a customer lands on their site. Terms and conditions are not a formality. They are a contract. When they are vague, outdated, or copied from another […]

Read more about How Strong Are Your Terms and Conditions? Legal Gaps E-Commerce Owners Miss

Put Revision Legal on your side

Let's Discuss Your Case