Friday, February 26, 2021
Corporate Compliance Insights

COVID-19: Evolving Cybersecurity Considerations for Business

Adapting to Changing Work Demands During the Coronavirus Crisis

by Scott Lashway, Kaylee Cox Bankston and Kevin Powers
March 23, 2020
in Cybersecurity, Featured

As the response to the spread of the coronavirus escalates, companies are becoming increasingly dependent on a work-from-home workforce. Experts at Manatt discuss what security concerns companies must take into account with this increase in remote work.

Businesses’ responses to the COVID-19 health crisis – and in particular, the increased demands for personnel to work remotely – present increased security risks and considerations. Workforces have been mobilized, and for many, this transition is expected to last for a significant period of time. For some, this transition to working remotely may be permanent.

Because of these rapid and dramatic changes in how and where personnel perform their daily responsibilities, businesses must give the security of their electronic infrastructure and data the highest priority on their response agenda. In particular, existing security vulnerabilities will be stressed; these arise, for example, from an increased reliance on technology (e.g., VPN traffic) or from personnel handling sensitive company or customer matters in environments that the company does not control (e.g., the challenge of destroying paper files if the remote worker does not have a shredder). Given threat actors’ and criminals’ desire to take advantage of any situation, businesses should anticipate seeing inbound security risk that evolves as quickly as businesses’ response to COVID-19.

Business Continuity

With many businesses moving toward a mandatory or liberal work-remotely policy, the significantly increased demand for remote connectivity, technology and resources has the potential to strain the availability and reliability of electronic infrastructure. Organizations must ensure critical systems have the capacity to withstand increases in demand and avoid interruptions in service. Further, the company’s business continuity plan should address fail-over and other backup procedures in the event a business-critical system becomes unavailable. In addition to increased demand for technology and infrastructure, there likely will be a greater need for IT support. Businesses may consider whether additional support staff is warranted during the transition to a fully remote work environment.

Security Vulnerabilities in the Remote Workforce

Beyond the possibility of overwhelming resource availability, a remote workforce introduces potential security vulnerabilities, in particular with respect to network access and authentication. Organizations should consider how best to address risks associated with securing and verifying credentials in a remote environment, such as enabling multifactor authentication. In addition, with decreased opportunity for physical oversight of the workforce, companies may need to pay closer attention to user activity, including through analyzing access and event logs and leveraging behavioral monitoring functionalities (consistent with the firm’s workplace monitoring policies).

Phishing Attempts and Malware

Threat actors quickly capitalized on fears associated with COVID-19 by identifying opportunities to initiate phishing attempts and embed malicious links in purported news articles and communications surrounding the pandemic. For example, the World Health Organization (WHO) recently issued a warning regarding cybercriminals impersonating the WHO in an attempt to steal money or sensitive information. It is good “cyber hygiene” for companies to regularly educate, train and test employees on phishing risks, and current events present a prime opportunity to remind employees of the threats and best practices associated with phishing scams.

Security Governance and Communications

As security professionals, attorneys and compliance and audit teams work remotely, coordination among the constituents responsible for monitoring and addressing security risks is critically important. Actual threats and materialized risk must be communicated in a timely and secure manner. For example, and to use an obvious illustration of the risk, if a company’s VPN is compromised, that company’s ability to operate may suddenly be threatened if its workforce is relying on the VPN for connectivity. Incident response plans should be immediately evaluated and updated to reflect the company’s current communications structure and expectations. Ensuring that decision-makers are available promptly to address any security events or security incidents is another critical step. Companies must ensure that the workforce is aware of how to report security risks or threats through multiple channels of communication (not just by email).

In assessing and managing quickly evolving security risks, transparent and timely communication with personnel is imperative. Businesses should provide clear direction on what employees should expect during a modified work environment, including what technologies will be deployed, how to use them and whom to contact with any questions or concerns. Companies should also educate personnel on the risks associated with a remote work environment and ensure employees are equipped with direct and timely reporting mechanisms for any security concerns. Finally, decision-makers should ensure the organization is speaking with a unified and consistent voice in establishing and communicating COVID-19 protocols and procedures to its workforce.


This piece was originally shared by Manatt as a client alert and is republished here with permission.


Tags: business continuity planning, Coronavirus/COVID-19


Scott Lashway, Kaylee Cox Bankston and Kevin Powers

Scott Lashway is a disputes partner based in the Boston office of Manatt, Phelps & Phillips, which he manages for the firm. His practice focuses on matters involving the intersection of law and technology, and he is co-leader of Manatt’s privacy and data security group. Scott represents and counsels clients in complex business disputes and class actions, internal investigations, and government enforcement matters, and advises on compliance risks and vulnerabilities. He regularly represents clients in courts nationwide, including Massachusetts state and federal courts as well as matters involving the Massachusetts Attorney General’s Office and Massachusetts Secretary of State. Scott routinely conducts investigations and counsels clients on incident response confronting sophisticated cyberattacks, and represents clients in related law enforcement inquiries, regulatory matters and data privacy litigation. He represents clients before various state and federal regulators, including the Securities and Exchange Commission (SEC), the Department of Justice (DOJ), the Financial Industry Regulatory Authority (FINRA), state attorneys general, the New York Department of Financial Services (NYDFS), and the Federal Trade Commission (FTC). Scott’s clients are in a wide range of industries, including financial services and insurance; technology, including ad-tech and mar-tech; life sciences; intelligence and data processing; professional services firms; transportation; education; and gaming. Before joining Manatt, Scott was a partner at an international law firm where he was co-chair of the cybersecurity, data breach and privacy team. He also has worked as senior in-house counsel and head of investigations for a Fortune 100 global financial services company.
Kaylee Cox Bankston is a privacy and data security attorney in Manatt’s Washington, D.C., office. She focuses her practice on complex cybersecurity and privacy matters, including data privacy and security compliance, information governance, security incident response and breach preparation, regulatory investigations, litigation and class action defense, and development of corporate privacy and security programs. Kaylee advises clients in a wide range of industries on data privacy and security risk management as well as compliance with state, federal and international privacy laws and regulations, such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR), among others. She develops and conducts information security and privacy program assessments and leads cybersecurity simulations and war games to evaluate and develop incident response protocols and risk mitigation strategies. Kaylee also has substantial experience representing clients in privacy and security investigations and related regulatory actions. She represents companies before U.S. and international regulators, including the U.S. Federal Trade Commission and state attorneys general. Kaylee defends clients in privacy and security class action litigation matters in various federal and state courts. Kaylee is a Certified Information Privacy Professional for the U.S. private sector (CIPP/US). Before joining Manatt, Kaylee worked at an international law firm as co-chair of the firm’s cybersecurity, data breach and privacy team.
Kevin Powers is a senior cybersecurity advisor in Manatt’s Boston office. A renowned thought leader on data privacy and cybersecurity policy and law, Kevin regularly provides high-level counsel to private and government entities regarding cybersecurity, including assessments, strategies and frameworks, employee training, data security and privacy, incident response, government investigations, and “table top” exercises. Kevin is the founding director of and a professor for Boston College’s premier master’s degree in cybersecurity, which he created, developed and implemented to better address the needs and issues of the rapidly changing cyber ecosystem. With a combined 20 years of law enforcement, military, national security, business, higher education and teaching experience, Kevin has worked as an analyst and attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense and law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Along with his advising for Manatt and teaching at Boston College, Kevin is a research affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the deputy general counsel to the superintendent. Kevin regularly provides expert commentary regarding cybersecurity, privacy and national security issues for varying local, national and international media outlets.

© 2019 Corporate Compliance Insights