Employment Law: Enhanced Cybersecurity Procedures Needed for Work-From Home Employees featured image

Employment Law: Enhanced Cybersecurity Procedures Needed for Work-From Home Employees

by John DiGiacomo

Partner

Corporate Employment Law

The fact that employees are increasingly required to work from home does not obviate a company’s legal requirement to have reasonable company policies and procedures to safeguard consumer data and to protect sensitive company confidential information. Indeed, the dawning era of widespread work-from-home employment necessitates enhanced cybersecurity since there are enhanced data security risks associated with remote working.

The enhanced risks flow from several aspects of the work-from-home employment regime. First, because more data and information is being sent over the internet, there is an enhanced risk of hacking, hijacking and other interception of the data by cybercriminals. Second, employees are using devices and computers in the home work-area that have not been inspected or secured by the company’s IT department. Further, logic suggests that an increase in the number of at-home workers will result in an increase in the number of brands and types of computer and devices being used across the company. Moreover, employee-owned equipment may be obsolete and/or using antiquated, out-of-date security software. All of this increases the incompatibilities between hardware and software making more work and inefficiencies for the company’s IT department. The end result is a significantly increased potential for exploitable vulnerabilities.

Third, at-home employees have reduced direct day-to-day, hour-by-hour supervision by supervisors who may be better-trained with respect to data security and cybercrime. Reduced supervision increases the risks of hacking cybercrime. This is partly because less direct supervision increased the chance of employees conducting personal business. The at-home online environment may not have the same limited internet access or have other firewalls which are present in a standard workplace. The at-home work area is also likely accessible to family members and others who are not authorized to have access to company data and information. The risk is less that the family member will steal the data but, rather, that they might “surf the net” to danger areas allowing intrusion or exfiltration by a cybercriminal.

The solution is to create and implement official company policies and procedures for cybersecurity specific to the new work-from-home environment. Your company should already have such policies and procedures for an at-work environment, but a distinct set of cybersecurity policies is needed. Experienced employment and cybersecurity lawyers like the ones at Revision Legal can help.

As noted, the new policies and procedures must focus on protecting the company’s confidential intellectual property and on reasonably protecting against data breaches or exfiltration of sensitive consumer/employee data. Effective work-from-home policies and procedures will accomplish both tasks. Here are some of the provisions that should be included:

  • Training for work-from-home employees specific to data security
  • Training for work-from-home employees with respect to PHYSICAL security of at-home and mobile devices — at-home and mobile devices must be physically secured even though only family members are able to access the at-home work-area; proper security includes locked drawers/desks, complex passwords, regular password renewals, barring family members from using the device, etc.; mobile devices should never be left unattended, etc.
  • Training for your IT staff specific to data security risks associated with work-from-home employees
  • Stating the company’s commitment to securing the secrecy of the company’s intellectual property and consumer data
  • Where possible, mandate provision and use of company-purchased and owned equipment and mandate that at-home employees only use company-provided equipment
  • Procedures in the event a lost device or actual or suspected unauthorized access
  • Enact a no-tolerance rule for use of public wireless networks (like at a public library or coffee shop) — this rule is necessary even though, for now, there may be a lock-down on such public spaces; these work-from-home policies should be applicable for all work-from-home circumstances
  • Limit work-from-home employee’s access to confidential and consumer data
  • Ensure that all work-from-home employees have signed confidentiality and nondisclosure agreements — even short basic agreements are an important part of cybersecurity since they enhance an employee’s belief in the importance of these issues
  • Remote installation by the company’s IT staff of security applications and software with updates and upgrades regularly installed — the corollary is that the work-from-home employee must be prohibited from interfering with the company-installed security software, firewalls and protocols
  • For mobile devices, if not already in place, mandate installation of physical tracking software

If you need help with your company’s work-from-home policies and procedures or if you have legal questions about data security, how to respond to data breaches or about hacking and cybercrime, contact the data security lawyers at Revision Legal at 231-714-0100.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side