Like many businesses, my law firm’s offices have been operating on a restricted schedule for the past several months, and even though we’re in the process of transitioning to a full reopening, I suspect that many of our lawyers will continue to spend a lot of time working from home. My guess is that many other companies will have similar experiences. A Deloitte memo on the CLO’s role in reopenings highlights some of the cybersecurity challenges facing companies that will continue to have a large remote workforce. These include:
– Increases in socially engineered cyberattacks targeting financial and personally identifiable information (PII) data
– Cyber risk levels are elevated due to an increase in phishing and malware attacks.
– Some communication and collaboration tools may not be secure, even where these platforms have their own built-in controls.
– Client and customer data may be more vulnerable when employees work from home if employees are transmitting data on unsecure networks and/or saving or printing on home devices.
– Employees who previously did not work at home may not be familiar with cybersecurity and data protection leading practices. Most are likely to benefit from regular reminders related to cybersecurity leading practices.
– Potential threats to attorney-client privilege may arise where there are risks to cybersecurity or where attorney-client conversations may be overheard (by family members, for example).
In addition to reviewing cybersecurity insurance policies for potential coverage gaps associated with remote work, the memo recommends additional cybersecurity training to employees, communicating new and emerging threats as they arise, providing remote workers with the tools and instructions necessary to protect data and maintain data privacy protocols.
The memo also recommends that companies prioritize the preservation of the attorney-client privilege by taking actions such as reminding employees not to forward documents to personal email accounts or use other unsecure methods to transfer files or communicate with clients.
-John Jenkins, TheCorporateCounsel.net July 10, 2020
