Step Up Precautions & Practices Around Your Cyber Security
By Judith Bachman
We have found new ways to connect and communicate in the COVID-19 era. But with those new conveniences comes a slew of new risks and exposures.
Cyber intruders have been “Zoom bombing.”
Bank of America suffered a data breach while processing PPP loan applications. A software glitch at the SBA may have exposed Economic Injury Disaster Loan Emergency Advance files. As we are increasingly relying upon cyber connectivity, businesses must evaluate cyber vulnerability and take steps to protect themselves.
A good first step is to consult with IT security professionals, insurance companies, and counsel to ensure you are protected. In fact, failing to do so could leave you with liability exposure.
New York’s SHIELD Act sets out minimum standards for businesses to try to prevent and to handle data breaches. The California Consumer Privacy Act, which applies to any business that has customers in California, gives individuals the right to control and retrieve their personal information from businesses.
With the enactment of these laws earlier this year, companies rushed to fortify data security protocols. And as mandated by these statutes, many businesses set up privacy compliance plans designating a privacy director, encrypting data, and outlining an incident response plan.
But these initial steps are not enough in the wake of the pandemic. With the shift to working from home, businesses must be more mindful than ever of cyber dangers.
At the outset of COVID, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency encouraged organizations to adopt a heightened state of alert. The agency recommended that businesses:
- Require virtual private networks, and implement software patches and security configurations for network infrastructure devices and devices being used remotely;
- Warn staff of an expected increase in phishing attempts; and
- Report cybersecurity incidents to appropriate government agencies.
Beyond those recommendations, to remain statutorily compliant, businesses must also update their cyber privacy plans. Policies should now have clear guidelines for remote workers regarding downloading and storing information at home and set out incident response procedures accounting for a decentralized security or technical team.
Even with these adjustments, though, the reality is that cyber risks remain; cyber criminals will find new and unanticipated attack points. To be sure that those risks are covered in the COVID era, policyholders must review their cyber insurance. Entrepreneurs should be on the lookout for gaps in coverage on policies that were not initially designed to cover a remote workforce. Many policies limit coverage only to computer systems under “ownership, operation, or control” of the “Insured” or the theft of a password from the “Insured’s premises.” Cybersecurity incidents involving employees working from home on their own computers may not be covered under existing policies. Policyholders must address any holes in cyber coverage for their remote workforce.
Judith Bachman is the founder and principal of The Bachman Law Firm PLLC in New City. judith@thebachmanlawfirm.com 845-639-3210, thebachmanlawfirm.com