b'Post-Pandemic Hybrid Work from Home: Is Comfort Worth the Risk?Cybersecurity and Data Privacy ConsiderationsAlertsAs companies begin to seriously consider the post-pandemicthe post-pandemic period. Companies that continue to facilitate1 Court Operations Update office and whether to adopt a permanent hybrid work-from-homework from home need to invest in appropriate technologies and environment, serious thought should be given to the data privacyapply policies to adequately protect customer data. While civil litigators have embraced remote technology, we are beginning to see a return to in-person depositions, and cybersecurity risk involved. Potential benefits of a hybrid workmediations, and arbitrations. In our state court system, pandemic-related modifications remain in place, including environmentsuch as greater employee flexibility and reducedBasic security precautions that companies real estate footprintneed to be weighed against the legal andshould consider implementing include: the following:reputational risks to a company should a data breach occur.No civil jury trials until at the earliest June 14, 2021.No network is completely immune from intrusion, but networks1. Multi-Factor Authentication. that facilitate work from home present unique challenges thatHearings across all case types will continue to be conducted remotely to the extent possible.The era of the password is over. When physical presence in the companies ignore at their peril.office was a prerequisite to network access, a strong passwordWe anticipate new guidance will be available before the expiration of the current order on June 13, 2021.The arrival of COVID-19 and the ensuing stay-at-home ordersmay have been enough. But with remote access, a second layer of authentication such as an access code texted to employeesOperations in federal court in the District of Minnesota remain modified to encourage remote appearances; however, we in March 2020 meant a sudden and hurried shift to remoteexpect to see a return to in-person civil jury trials, bench trials, and hearings after May 3, 2021, on a case-by-case basis. work. In the chaos of those early pandemic days, companieswith each login attempt have likely become a minimum focused on rapidly deploying work-from-home technologies.security standard. Our litigators practice in Minnesota and throughout the country. If you have questions about a civil litigation matter, According to one prominent cybersecurity firm, the internet2. Encryption.please contact your attorney at Moss & Barnett. saw a 40% increase in unsecured remote desktop traffic as companies scrambled to facilitate remote access. Not surprisingly,All remote access to a companys network needs to be encrypted cybercriminals took advantage. But companies (especially smallerto guard against eavesdropping. A virtual private network (VPN) organizations) that were working quickly to adjust to a rapidlyestablishes a secured tunnel for data to travel from the home evolving public health emergency and government-imposedoffice to the company network. But even a VPN might not be restrictions were likely insulated, at least temporarily, from the fullenough. Vulnerabilities in an employees personal router can allow"Cybersecurity and Data Privacy" Continued from Page 2legal and reputational risks involved. hackers to access the companys network by piggy-backing a ride through the VPN connection. Consider providing employees4. Do Not Forget the People. Much data breach litigation is based on negligence law that judgeswith company managed routers or security appliances to reduceNo matter what security technology a company implements, goodand sensitivity of the data involved. While some form of hybrid a defendants actions by what a reasonable person or organizationthat risk.security training and easy access to IT staff are critical in any dataworkplace may well be the ideal fit for a company going forward, would do under similar circumstances. Certain compromisessecurity plan. The most effective defense against phishing attacks,there are serious risks that need to be considered.to enable remote work that may have been reasonable as a3. Virtual Machines.for example, is staff well trained to spot and avoid malicious once-in-a-lifetime pandemic suddenly descended on the nationIf a company permits staff to access its network from personalcommunications. Aaron P. Minster is a member of our litigation group assisting will likely be seen as unreasonable going forward. While itdevices, security vulnerabilities present in that personal equipmentcompaniesandindividualswithcommerciallitigation. will likely be some time before data breach lawsuits related tocan put the company network at risk. Consider the benefitsIt is also important to ensure that a companys insurance policiesCertifiedbytheInternationalAssociationofPrivacy adequately cover a hybrid work environment. The technologiesProfessionals(CIPP/US)andaformernetworkengineer, COVID-19 work their way through the courts, leniencies that theof deploying virtual machines that can act as a sandboxhe has extensive experience in the areas of data privacy law might afford as accommodation to the sudden governmentinsulating the network from malware that may be present onand processes needed to adequately safeguard a network andand cybersecurity.imposed shift to remote work will almost certainly not carry over topersonal devices.stored data in a work-from-home environment vary depending on612-877-5263|Aaron.Minster@lawmoss.comindustry, company size, core technologies, regulatory framework,LawMoss.com/people-aaron-p-minster"Cybersecurity and Data Privacy" Continued on Page 32 3'