Cybersecurity and Telecommuting
By Les Williams, CRM, co-founder and chief revenue officer of Risk Cooperative, a specialized strategy, risk and insurance advisory firm based in the Washington D.C.
First identified in Wuhan, Hubei province, China, in December 2019, the new coronavirus has had a ripple effect throughout the global economy and decimated the market value of countless firms, showing no signs of easing. Global reaction has been swift and decisive. Italy's government has ordered its citizens to stay home. The U.S. has temporarily closed its borders to non-U.S. citizens traveling from all European countries. Many U.S. schools have been temporarily shuttered, and sporting events have either been canceled or will continue without fans in attendance. What was once known as an HR perk at U.S. firms has now become a critical link in the business continuity and resilience chain: the ability to telecommute.
Many U.S. firms are encouraging telecommuting to prevent the spread of COVID-19, the respiratory illness caused by the coronavirus. Microsoft instructed workers in Northern California and Seattle to work from home, Apple gave similar instructions to its global workforce, and Stripe is now interviewing candidates via videoconferencing in lieu of in-person interviews. Many firms are replacing face-to-face meetings with conference calls or videoconferencing and canceling travel plans. A growing number of higher-education institutions have even decided to conduct the remainder of the semester online in hopes of preventing the rapid spread of the virus.
The flight to telecommuting on such a massive and sudden scale has raised many questions at firms of all sizes, especially at firms that do not possess the technical expertise and scale of Fortune 1000 entities. Do employees have the technical resources at home to successfully complete tasks remotely? Will employers contribute to employees' Internet and phone bills should workers' personal telecommunications footprint increase drastically due to the excessive data loads required for corporate work? Will tech staff resources become overloaded from the many telecommuting newbies needing extra hand-holding? Perhaps the most insidious side effect resulting from the rapid expansion of this new telecommuting workforce is the potential rise in cyberattacks aimed at softer targets.
Creating a New Risk While Solving a Current One
While telecommuters may be less exposed to the coronavirus while working remotely, a new risk is evolving. This mobile workforce may not practice the same proper "cyber hygiene" at home as they would in an office environment. Forgetting to utilize a virtual private network at home, for example, could encourage hackers looking for a path of least resistance to gain access to sensitive data. To make matters worse, many telecommuters may opt to work from their local coffee shop and utilize unsecured Wi-Fi networks. Confidential phone conversations that once occurred in the confines of an office building may now be conducted in public settings, further jeopardizing sensitive information.
At a time when personal hygiene is extremely critical, cyber hygiene must also remain a top priority for telecommuters. With the virus spreading exponentially, telecommuting will become the new normal in the coming months, necessitating the development of company telecommuter "cyber playbooks." This framework would address how employees can maintain cybersecurity best practices while working at home and include contact names and phone numbers of information technology (IT) staff on call. As part of their ongoing business-resilience planning, firms must devise a strategy for either hiring more internal IT staff or contracting with external IT firms. And with demand for cybersecurity professionals far outpacing supply globally, planning for IT staffing is critical given that the next pandemic could be just around the corner.