No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

COVID-19: Evolving Cybersecurity Considerations for Business

Adapting to Changing Work Demands During the Coronavirus Crisis

by Scott Lashway, Kaylee Cox Bankston and Kevin Powers
March 23, 2020
in Cybersecurity, Featured
red coronavirus key on keyboard

As the response to the spread of the coronavirus escalates, companies are becoming increasingly dependent on a work-from-home workforce. Experts at Manatt discuss what security concerns companies must take into account with this increase in remote work.

Businesses’ responses to the COVID-19 health crisis – and in particular, the increased demands for personnel to work remotely – present increased security risks and considerations. Workforces have been mobilized, and for many, this transition is expected to last for a significant period of time. For some, this transition to working remotely may be permanent.

Because of these rapid and dramatic changes in how and where personnel perform their daily responsibilities, businesses must ensure that the security of their electronic infrastructure and data is prioritized to the highest levels on their response agenda. In particular, existing security vulnerabilities — arising, for example, from an increased reliance on technology (e.g., VPN traffic) or personnel handling sensitive company or customer matters in environments that the company does not control (e.g., the challenge of destroying paper files if the remote worker does not have a shredder) — will be stressed. Given threat actors’ and criminals’ desire to take advantage of any situation, businesses should anticipate seeing inbound security risk that evolves as quickly as businesses’ response to COVID-19.

Business Continuity

With many businesses moving toward a mandatory or liberal work-remotely policy, the (significant) increased demand for remote connectivity, technology and resources has the potential to strain the availability and reliability of electronic infrastructure. Organizations must ensure critical systems have the capacity to withstand increases in demand and avoid interruptions in service. Further, the company’s business continuity plan should address fail-over and other backup procedures in the event a business-critical system becomes unavailable. In addition to increased demand for technology and infrastructure, there likely will be a greater need for IT support. Businesses may consider whether additional support staff is warranted during the transition to a fully remote work environment.

Security Vulnerabilities in the Remote Workforce

Beyond the possibility of overwhelming resource availability, a remote workforce introduces potential security vulnerabilities, in particular with respect to network access and authentication. Organizations should consider how best to address risks associated with securing and verifying credentials in a remote environment, such as enabling multifactor authentication. In addition, with decreased opportunity for physical oversight of the workforce, companies may need to pay closer attention to user activity, including through analyzing access and event logs and leveraging behavioral monitoring functionalities (consistent with the firm’s workplace monitoring policies).

Phishing Attempts and Malware

Threat actors quickly capitalized on fears associated with COVID-19 by identifying opportunities to initiate phishing attempts and embed malicious links in purported news articles and communications surrounding the pandemic. For example, the World Health Organization (WHO) recently issued a warning regarding cybercriminals impersonating the WHO in an attempt to steal money or sensitive information. It is good “cyber hygiene” for companies to regularly educate, train and test employees on phishing risks, and current events present a prime opportunity to remind employees of the threats and best practices associated with phishing scams.

Security Governance and Communications

As security professionals, attorneys and compliance and audit teams work remotely, coordination among the constituents responsible for monitoring and addressing security risks is critically important. Actual threats and materialized risk must be communicated in a timely and secure manner. For example, and to use an obvious illustration of the risk, if a company’s VPN is compromised, that company’s ability to operate may suddenly be threatened if its workforce is relying on the VPN for connectivity. Incident response plans should be immediately evaluated and updated to reflect the company’s current communications structure and expectations. Ensuring that decision-makers are available promptly to address any security events or security incidents is another critical step. Companies must ensure that the workforce is aware of how to report security risks or threats through multiple channels of communication (not just by email).

In assessing and managing quickly evolving security risks, transparent and timely communication with personnel is imperative. Businesses should provide clear direction on what employees should expect during a modified work environment, including what technologies will be deployed, how to use them and whom to contact with any questions or concerns. Companies should also educate personnel on the risks associated with a remote work environment and ensure employees are equipped with direct and timely reporting mechanisms for any security concerns. Finally, decision-makers should ensure the organization is speaking with a unified and consistent voice in establishing and communicating COVID-19 protocols and procedures to its workforce.


This piece was originally shared by Manatt as a client alert and is republished here with permission.


Tags: Business Continuity PlanningCOVID-19
Previous Post

What Employers Need to Know About COVID-19 and the Families First Coronavirus Response ACT

Next Post

BDO: 2020 Shareholder Meeting Agenda

Scott Lashway, Kaylee Cox Bankston and Kevin Powers

Scott Lashway, Kaylee Cox Bankston and Kevin Powers

Scott Lashway is a disputes partner based in the Boston office of Manatt, Phelps & Philips, which he manages for the firm. His practice focuses on matters involving the intersection of law and technology, and he is co-leader of Manatt’s privacy and data security group. Scott represents and counsels clients in complex business disputes and class actions, internal investigations, and government enforcement matters, and advises on compliance risks and vulnerabilities. He regularly represents clients in courts nationwide, including Massachusetts state and federal courts as well as matters involving the Massachusetts Attorney General’s Office and Massachusetts Secretary of State. Scott routinely conducts investigations and counsels clients on incident response confronting sophisticated cyberattacks, and represents clients in related law enforcement inquiries, regulatory matters and data privacy litigation. He represents clients before various state and federal regulators, including the Securities and Exchange Commission (SEC), the Department of Justice (DOJ), the Financial Industry Regulatory Authority (FINRA), state attorneys general, the New York Department of Financial Services (NYDFS), and the Federal Trade Commission (FTC). Scott’s clients are in a wide range of industries, including financial services and insurance; technology, including ad-tech and mar-tech; life sciences; intelligence and data processing; professional services firms; transportation; education; and gaming. Before joining Manatt, Scott was a partner at an international law firm where he was co-chair of the cybersecurity, data breach and privacy team. He also has worked as senior in-house counsel and head of investigations for a Fortune 100 global financial services company.
Kaylee Cox Bankston is a privacy and data security attorney in Manatt’s Washington, D.C., office. She focuses her practice on complex cybersecurity and privacy matters, including data privacy and security compliance, information governance, security incident response and breach preparation, regulatory investigations, litigation and class action defense, and development of corporate privacy and security programs. Kaylee advises clients in a wide range of industries on data privacy and security risk management as well as compliance with state, federal and international privacy laws and regulations, such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR), among others. She develops and conducts information security and privacy program assessments and leads cybersecurity simulations and war games to evaluate and develop incident response protocols and risk mitigation strategies. Kaylee also has substantial experience representing clients in privacy and security investigations and related regulatory actions. She represents companies before U.S. and international regulators, including the U.S. Federal Trade Commission and state attorneys general. Kaylee defends clients in privacy and security class action litigation matters in various federal and state courts. Kaylee is a Certified Information Privacy Professional for the U.S. private sector (CIPP/US). Before joining Manatt, Kaylee worked at an international law firm as co-chair of the firm’s cybersecurity, data breach and privacy team.
Kevin Powers is a senior cybersecurity advisor in Manatt’s Boston office. A renowned thought leader on data privacy and cybersecurity policy and law, Kevin regularly provides high-level counsel to private and government entities regarding cybersecurity, including assessments, strategies and frameworks, employee training, data security and privacy, incident response, government investigations, and “table top” exercises. Kevin is the founding director of and a professor for Boston College’s premier master’s degree in cybersecurity, which he created, developed and implemented to better address the needs and issues of the rapidly changing cyber ecosystem. With a combined 20 years of law enforcement, military, national security, business, higher education and teaching experience, Kevin has worked as an analyst and attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense and law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Along with his advising for Manatt and teaching at Boston College, Kevin is a research affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the deputy general counsel to the superintendent. Kevin regularly provides expert commentary regarding cybersecurity, privacy and national security issues for varying local, national and international media outlets.

Related Posts

uvalde crosses

Will 2023 Bring More ‘Permacrisis’ Culture?

by Lisa Schor Babin
January 4, 2023

While 2022 had no shortage of chaotic events, ethics columnist Lisa Schor Babin shares her hopes for 2023 — and...

ceo succession

As the Great CEO Resignation Continues, Does Your Board Have a Succession Plan in Place?

by Paroon Chadha
September 7, 2022

High-profile CEO departures put a fine point on a broader corporate trend: Top company leaders are exiting their roles in...

Hidden Threat? They Know There’s a Problem, But Companies Are Still Failing to Intercept Real-World Dangers

Hidden Threat? They Know There’s a Problem, But Companies Are Still Failing to Intercept Real-World Dangers

by Staff and Wire Reports
August 17, 2022

From climate change to the Covid-19 pandemic to hateful political rhetoric — modern society poses risks not only to the...

Eventus Awards

Eventus Named Best Market Surveillance Provider, Adding to Recent List of Honors

by Corporate Compliance Insights
August 4, 2022

Trade surveillance and market risk solution platform Eventus won its fourth major award in the past month, as its Validus...

Next Post
BDO: 2020 Shareholder Meeting Agenda

BDO: 2020 Shareholder Meeting Agenda

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT