Octillo lawyers have been working with businesses to put them in a legally defensible position in pivoting their workforce to a distributed workforce. We have learned a few things from our work and watching what is happening around the globe.
Technical Safeguards Have Had To Quickly Pivot:
Companies are working to narrow their threat surface.
Organizations are working toward making their workforce 100% remote to safeguard employees but with that advantage there is an increase in exposure of company assets “in the wild.” With this increased risk it becomes necessary for those responsible to implement technical safeguards to offset this increased risk. Where preventative controls are not realistic, an organization should look to implement detective controls.
Octillo has evaluated various control options for access management. A few of these are:
• Shortening screensaver times
• Session lockout times
• Tiered approach for modifying user access to high risk platforms, applications, and, where possible, data
• Multi-factor authentication for email and high-risk applications/systems
• VPN and Virtual Desktop Infrastructure
With so many tech vendors selling a variety of services and products, companies are getting lost in the hype and simply want to know how they balance it all as part of a larger game plan.
Organizations Valuing Importance Of Administrative Safeguards:
Companies are realizing how essential it is to have more administrative safeguards in place.
Octillo has reviewed the most relevant policies and procedures that relate to remote workforce. Organizations should analyze if those policy and procedures contain steps or tasks that require key stakeholders to be present.
Additionally, organizations need to confirm that their Incident Response, Disaster Recovery, and Business Continuity Plan are all sustainable with a remote workforce. They should verify that such policies and procedures (including call-trees and responsible party contact lists) are accessible to those who need access. Octillo has suggested that organizations look at cloud-based solutions for storing their policies and procedures. This would enable workforce to access documents even if their network is down.
Physical Safeguards Are Very Important:
With buildings becoming vacant, physical safeguards will become more indispensable than ever. If an organization’s facility is going to have a skeleton crew then there are several questions which need to be addressed such as:
• Who will be responsible for safeguarding assets onsite?
• Does this person(s) have an intimate knowledge of the protocols in the event there is a breach or other criminal activity?
• Does the workforce understand what steps to take in the event they lose a device while working remotely?
• Is the procedure documented and has it been distributed?
• Has the organization walked through the process to commission and decommission devices remotely?
Struggle In Addressing Pandemic & Complying With New Laws:
In the middle of the pandemic, companies have still had to meet the compliance milestones of the NY SHIELD Act and California’s Consumer Protection Act (CCPA), especially where the Attorney Generals responsible for enforcing them have not provided extensions of time to comply despite the organizational disruption of the pandemic.
Octillo attorneys, who are also technologists, former CISO and current Certified Information Systems Auditor (CISA) are available to answer any questions you have about the foregoing safeguards and their impact and compliance with NY SHIELD Act, the CCPA, the
European Union’s General Data Protection Regulation (GDPR) or any other privacy or data security statute. Visit us at octillolaw.com or call us at 716 898 2102.
Octillo is proud to be the only firm in 2019 named for its “Technology Transactions” practice in Upstate New York Super Lawyers and routinely cited by Law.com for our insights in this fast-moving arena, along with several other awards and recognition in tech and law. We thank you for your business and encourage you to visit our blog regularly for updates on this area of law and others.
*Attorney Advertising. Prior results do not guarantee future outcomes.