15 June 2020
News
Free

Cyber ​​risks for lawyers in telework

The Cyber and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security offers guidance regarding telework in times of the COVID-19 pandemic. 

CISA released an alert to encourage organizations to adopt a heightened state of cyber security when it comes to alternate workplace options for their employees necessary due to the COVID-19 pandemic. It is important to consider that remote work options require an enterprise VPN (Virtual Private Network) solution in order to connect employees to an organization´s IT (Information Technology) network. 

The CISA mentions the following considerations regarding technical details on the issue of telework and cyber security:  

- As organizations use VPNs for remote work, more vulnerabilities are likely to be detected and targeted by malicious cyber actors.

- Due to the fact that VPNs are operating 24/7, organizations are less likely to keep them updated with the latest security updates and patches

- Attempts of stealing the usernames and passwords of teleworkers via phishing emails may increase.

- Organizations that do not use MFA (Multi-Factor-Authentication) for remote access are more susceptible for such phishing attacks. 

- The number of VPN connections of an organization may be limited, meaning that after reaching the limit no other employees can telework. Due to decreased availability of organizations, crucial business operations may suffer, including the ability of IT security personnel to perform critical cyber security tasks. 

In terms of risk mitigation, the CISA strongly recommends that organizations review the offered guidance when considering alternate workplace options. The following aspects are important to bear in mind regarding telework and cyber security: 

- Frequent updates of VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.

- Inform and alert employees to be aware of the increase in phishing attempts. 

- Prepare IT security personnel to ramp up important remote access cyber security tasks like log review, attack detection, and incident response and recovery. 

- Implementation of MFA on all VPN connections increases security. If MFA cannot be implemented, teleworkers are required to use strong passwords. 

- Make sure that VPN limitations are tested by IT security personnel, in order to prepare for mass usage. If possible, implement modifications – such as rate limiting – to prioritize users that require higher bandwidths. 

- Contact with the CISA to report any incidents like phising, malware, and other cyber security concerns. 

Copyright © The Impact Lawyers. All rights reserved. This information or any part of it may not be copied or disseminated in any way or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of The Impact Lawyers. The opinions expressed in this article are those of the authors and do not necessarily reflect the positions or policies of The Impact Lawyers.
Newsletter

Would you like to read more?

The Impact Lawyers offers a FREE newsletter that keeps you up to date on news and analysis about the international latest legal news.
Please complete the form below and click on subscribe to receive The Impact Lawyers Newsletter subscription

2
x

The Impact Lawyers Newsletter

  • Practical templates and guides for lawyers and law firms
  • Podcasts, videos and webinars explaining how to be sucessful
  • Tips made by lawyers and other practitioners