How WFH has forced a reevaluation of cybersecurity needs

As the coronavirus forces a 'new normal' onto investment activities, now's a great time for firms to review their cybersecurity measures.

More than two months into the covid-19 lockdown, and no date certain on when we’ll get back to “normal” and return to the office, it’s a good time for firms to reevalute their cybersecurity and client confidentiality resources, experts say.

This is true for Fortune 500 corporations, portfolio start-ups and investment firms themselves.

Venture investor Robert R. Ackerman Jr. says that working from home, or WFH, has accelerated the digital economy and reinforced the need for increased security measures outside of the enterprise.

Ackerman says that even amidst a downturn, organizations are budgeting for cybersecurity as entire workforces have gone remote and virtualization and security tech needs have increased.

“WFH went from experiment to full-scale production overnight,” says Ackerman, who is founder and managing director of AllegisCyber, a venture firm specializing in cybersecurity, and co-founder of DataTribe, a cybersecurity startup foundry in Maryland. “It’s having a huge impact on cybersecurity as employees are now outside of the firewall and they’re all reliant on tech.”

‘Your family doesn’t need to hear this’

If you haven’t already, it’s a good idea to make sure all of your employees have—and are working on—computers owned by your firm, says Kristen Mathews, a partner in Morrison & Foerster’s New York office.

“They have more control over cybersecurity when they’re using work-owned computers,” she says.

It’s tempting to use personal accounts, especially when we’re all working from home, because not everyone has the high-speed bandwidth necessary for some firms’ multi-factor functions, Mathews says.

She also urges firms to adopt multi-factor authentication for its private networks.

Mathews also says firms need to make sure all their employees are using headsets for their phone calls and online conferences.

“If we’re having a conversation about material, nonpublic information, and there’s someone in our house, or in the next apartment, that could lead to a material disclosure,” she says.

Judith Shaw, Maine’s securities administrator, is also worried about the tight confines in the WFH world.

“Close the door when you’re having those chats,” she says. “Your family doesn’t need to hear this.”

Desk exams

Shaw and her colleagues are already doing desk exams of investment advisers and broker-dealers. “We’re asking, ‘Where are you working from right now and how are you maintaining client privacy?’” she says.

“In Maine, I know we have people who have vacation homes here,” she says. “Well, that’s great if you have a beautiful multimillion-dollar place on the coast. But if you’ve got a cabin on the lake? It’s probably one or two rooms. And you probably have your whole clan with you. And that’s great, but you’ve got to lock everything down.”

It’s not just family and neighbors that you should worry about, Mathews says. Millions of American homes have some kind of voice-activated digital assistant, such as Amazon’s Alexa or Apple’s Siri.

Make sure employees are deactivating those devices before any sensitive conversation, she says.

Practice tip: shredding

It’s not just the cyber element that experts worry about.

“When I’m working from my home office, if I make a mistake on a document and chuck it into the recycle bin someone else may have access to it,” Shaw says.

Mathews sees a similar dilemma.

“A lot of people read better if it’s printed,” she tells Regulatory Compliance Watch, an affiliate publication of Venture Capital Journal. “The problem there is what do you do when you’re done reading it? It needs to be shredded. Now the only question is, how does it get shredded? Not every shredding machine is the same.”

Some firms ask their employees to keep confidential documents in separate bags that the firm will collect for proper shredding, and Shaw encourages more firms to do this. But Mathews says you’ll have to be mindful of how long those documents sit in an employee’s home, waiting for the shredder.

Practice tip: outgoing voicemail

Shaw also urges firms to check, and recheck, their phone systems, and their website contact forms. “If you’ve got a disruption in business, you’ve got to notify [others] that you’ve got a disruption in business.”

Firms can make their clients’ and their own lives easier by simply tweaking their outgoing voicemail message, Shaw says. “It’s got to be more than just, ‘Sorry, we’re closed, leave a message.’ How about, ‘Sorry, we’re closed, but if you need something immediately, you can call X… at…,” she says.

“Give more specific direction to people,” she adds. “Because people are panicking generally.”

A version of this story first appeared in affiliate publication Regulatory Compliance Watch. Bill Myers is a reporter with RCW and can be reached at william.m@peimedia.com.

Alastair Goldfisher contributed to this report for Venture Capital Journal.