The coronavirus is here and is impacting our daily routines. Organizations have responded by mandating that everyone works from home to be safe from exposure. Social distancing is the new norm. Virtually all businesses now must cope with managing a virtual workforce to some degree. That comes with new security risks for the data that businesses spend millions of dollars to protect.
Not surprisingly, hackers are already at work taking advantage of the coronavirus crisis. According to the BBC, there has been a huge spike in email scams linked to coronavirus targeting individuals as well as professional businesses. Hackers are now taking advantage of this global disruption by sending fake reference materials that people may be legitimately seeking for work. As a result, it is imperative that businesses act immediately.
An article published by the Texas Lawyer describes some of the issues law firms must consider for themselves and their clients in order to adapt to new data security challenges presented by remote work. These questions include:
- How can you ensure that all remote employees are making secure connections to corporate networks via VPN and multi-factor authentication?
- Are you continuing to patch corporate systems with Windows updates? Are you scanning corporate networks for vulnerability scrupulously to account for the flood of remote workers?
- Have you provided secure portals for remote employees to transfer data or information between their remote locations and the corporate network?
- What steps can you take to restrict remote employees from using company-issued computers for personal use while remote? How can you ensure these company issued devices are not being used in insecure environments using public Wi-Fi?
In addition to looking at internal policies and procedures, it is important to understand the security features of every tool employees are using. Many remote employees rely on communication tools like GoToMeeting®, Skype®, Zoom®, and WebEx®. How safe are these services? Law firms and businesses inherently trusted these platforms – should they continue to trust them while they are knee-deep in the pandemic?
It’s worth taking a closer look. For example, WebEx® offers high levels of security including SOC-2 Type 2, ISO 27001, FedRAMP compliance, GDPR compliance, and end-to-end encryption. This means that any data sent or received using WebEx comes with an encryption key and that you own this key to all your encrypted data. GoToMeeting® also ensures technical compliance with some of the security protocols just mentioned. Meeting access is protected by unique meeting codes and strong password authentication and access is restricted to only invited participants. A unique 128-bit AES encryption key is generated and securely distributed to all participants at the start of each session. Such stringent security measures are particularly essential because companies will use these tools at an unprecedented level due to the need for social distancing.
Organizations do not have a choice about whether to operate remotely if they want to survive. While they may feel overwhelmed by just getting everyone set up with the access and tools they need, they cannot afford to neglect security issues. Now is the time to implement more stringent security requirements because protecting data is as critical to a business as protecting the health and well-being of its workforce.