Saul Ewing Arnstein and Lehr LLP issued the following announcement on July 2.
1. Working from home presents new privacy and cybersecurity risks since companies shifted rapidly to telecommuting and may not have proper policies in place. In addition, many employees are new to remote work and are using personal devices on home networks. Cybersecurity risks include ransomware, business email compromises specifically related to wire fraud, theft of intellectual property, and breach of privacy-protected data, such as personally identifiable information, personal health information and credit card information. Privacy risks include breach of these same kinds of electronic privacy-protected data, loss of hardcopy files, conference calls recorded by digital assistants and confidential information overheard at home.
2. Practical steps for managing these risks include developing guidance for employees in a new, uncontrolled environment and revamping processes that can affect security and privacy issues, such as contract review. Provide clear instructions on actions that your organization may want to consider prohibiting, such as forwarding information to personal email accounts, storing information in non-secure cloud accounts, downloading information onto USBS drives, taking hardcopies of sensitive data home and having sensitive calls at home with AI home devices. Also, take concrete steps to protect your company’s vendor and supplier contracts from cybersecurity risks by considering the addition of indemnification provisions, representation and warranties policies, limitations of liability, and insurance coverage obligations. Revisit your existing cybersecurity and data policies to see how they should be updated given an increased remote work environment or develop new policies as necessary.
3. In addition, these processes also include general oversight across the company to ensure compliance in the areas of cybersecurity and privacy. There may be significant changes to the way internal controls are executed; reduced oversight and communication across the organization; noncompliance with organizational policies or applicable accounting standards, laws, and regulations; and instances of confidential data not being adequately protected. It is important to consider these potential issues and address them in updated policies and procedures.
Original source can be found here.