As governments and businesses work intensively on mitigating the impact of the new COVID-19 pandemic, social distancing measures have led to an increase in remote working across all sectors. Although remote work, when such is possible, is a necessary precaution measure during the pandemic, it does create new legal challenges.
Some of these challenges include:
Difficulty to control the quality of cyberspace and the activity within it
Difficulty to organise employees’ duties and projects
Ease of access to companies’ data
Increase in the risk of employees’ data violation
The use of company work files via personal computers in order to facilitate work from home
The last three risks, should be highlighted given that, there has been a significant increase in cybercrime attacks. Employees who work from home will often use their personal computers, which are significantly less secure than their work computers, and thus more vulnerable to malware attacks. The World Health Organization (WHO) has already warned that cybercriminals send phishing emails with malicious links and false information regarding the sender’s identity (often falsely presented as the WHO) in order to extract sensitive data and obtain monetary amounts.
A striking example of the above is the report of the UK Fraud Intelligence Bureau, according to which fraud victims in the United Kingdom have already lost more than £800,000 in February. According to Dave Waterson, chief executive of SentryBay, a UK-based company specializing in application and endpoint protection software, Internet attacks are expected to increase “by up to 40%” during the COVID-19 pandemic.
In view of the above, it becomes clear that companies whose employees work from home during the pandemic employing workers from distance will be exposed to significant risks. Therefore, they should ensure that appropriate security measures are in force in order to prevent any cyber threats and avoid cyber-attacks or phishing methods.
Indicatively, companies operating remotely are advised to consider the following:
• Train their employees on how to detect and handle phishing attacks
• Avoid saving company information, especially confidential and sensitive, on employees’ personal devices, as they are often less secure
• Install security software on employees’ devices, including the latest software updates
• Advise employees to avoid using public WiFi and use secure WiFi password protected instead
While assessing and managing the rapidly evolving security risks, prompt and thorough communication with staff is imperative. In particular, businesses should provide clear guidance on what employees should expect within the remote work environment, including the technologies that ought to be used, how to use them, and who to address with any questions or concerns.
In this context the case of “Zoom” application, which is being used more and more by employees worldwide in order to participate in remote meetings while working from home, is quite notable. The app was quickly criticized for transferring users’ data to Facebook, making them vulnerable to hackers who could trap their microphone and computer camera, and allowing videoconference organizers to monitor participants. An uproar was caused by the public “apology” of the creator of the application, Eric Yuan, who declared that the platform was not as secure as it should have been so far and promised to immediately address all arisen issues.
Comment by our office
It is without doubt, that the violation risk of a company’s confidential information along with its employees’ and clients’ personal data has rapidly increased, due to the current situation. Therefore all companies should reassess their internal policies in order to ensure a secure remote work environment and to avoid malicious attacks.