COVID-19 and Cyber Risk

March 26, 2020

The global coronavirus outbreak is adding another layer of cybersecurity risk as companies ask their employees to work remotely. Indeed, the shift to remote work may create of new potential avenues for unauthorized access to company data and information technology systems from hackers and cyber criminals. Accordingly, companies will be well-advised to ensure that they have a robust cybersecurity strategy to address risks associated with remote work. In this post, we review the main sources of cyber risks and identify mitigation measures to ramp up cybersecurity.

Remote Work and Cybersecurity Risk

Remote work raises a number of cybersecurity risk issues: 

  • Access to confidential company data through unsafe home or public Wi-Fi networks;
  • Vulnerable VPNs due to outdated software;
  • Ineffective backup and recovery systems;
  • Reduced security on personal devices and computers; and
  • Sharing of proprietary information on workplace chat apps.

In addition, with the COVID-19 outbreak, phishing emails may target employees using coronavirus as a bait to lure them into clicking on links or attachments infected with malware, resulting in theft of usernames and passwords. 

Whatever its source, a cybersecurity incident can translate into data loss, privacy breaches, business disruptions, or fraudulent appropriations of funds that can  have significant consequences for companies.

Mitigation Measures

Faced with heightened cybersecurity risk, companies will want to review their mitigation measures to ensure that they adequately address the particularities of remote work.

Amongst the mitigation measures, companies should consider:

  • Adopting or reinforcing policies and procedures dealing with remote access to company network, and communicating them to employees;
  • Reviewing the robustness of the technical specifications related to the remote access to the company network;
  • Ensuring that the information technology department has adequate resources to support remote work and ensure network security;
  • Raising awareness among employees with respect to cybersecurity risk, including phishing and other use of malware;
  • Establishing proper information and accountability lines to the board of directors regarding cybersecurity;
  • Revising their response plan, including the need to report incidents under securities laws, federal financial institutions law and privacy laws;
  • Reviewing their cyber insurance policy coverage in terms of remote work.

The coronavirus outbreak is profoundly affecting the operation of companies and raising a number of significant challenges. With work from home becoming the new normal for many industries, cybersecurity is one pressing challenge that companies will want to prioritise. Indeed, if unaddressed, cybersecurity risk can translate into serious financial, operational and reputational harms on companies.

DISCLAIMER: This publication is intended to convey general information about legal issues and developments as of the indicated date. It does not constitute legal advice and must not be treated or relied on as such. Please read our full disclaimer at www.stikeman.com/legal-notice.

Stay in Touch with Knowledge Hub