With so many people working from home right now, the chance for data breach has increased for businesses. For example, there have been Zoom calls getting hacked, transcribed and posted without the hosts knowledge or even crazier stories of intruders popping into Zoom meetings.

More concerning is identity theft and phishing schemes that have spiked during the quarantine.

With many organizations supporting large numbers of remote workers, security teams are being pressed to provide necessary protections and security awareness training for the remote workforce. Security awareness is important no matter where your workforce resides, but companies might find it difficult to train remote workers via traditional methods.

So how can organizations help ensure that remote employees are still practicing cyber safety?

Many more millions of employees have been working remotely as a result of the devastating COVID-19 virus than ever before. There is likely no going back. Employers have been relying on a remote workforce by necessity in the short term and are realizing that in the long term they can operate efficiently and productively with their staff largely out of the office. The public health risks will, for the foreseeable future, be the driver both on employers’ need for a remote workforce to achieve continuity of operations and employees’ demand for a safer work location. The increased numbers of remote workers will no doubt be lasting. But with this anticipated restructuring of work must come a comprehensive evaluation of the corresponding cybersecurity risks over the long term and how best to address them. As employers look forward to the future of securing remote work in their organizations, they should review the following top ten considerations as part of their defense in depth.

State securities regulators report they found fewer regulatory deficiencies during examinations of the country’s 17,533 state-registered advisors than they did last year, according to the North American Securities Administrators Association’s annual report on the state-registered investment adviser industry. But cybersecurity was an area that saw more deficiencies versus the prior report.

State regulators, who have regulatory oversight responsibility for advisors with assets under management of $100 million or less, found deficiencies relating to cybersecurity in 26% of their examinations, up from 23% during the last series of coordinated examinations in 2017.

State securities regulators are concerned that deficiencies related to cybersecurity are rising among state-registered investment advisers in examinations by state securities examiners.

Top 5 Deficiency - “No or inadequate cybersecurity insurance” - Click Here to Get a Cyber Insurance Quote from Advisor Armor

SEC Examination Priorities for 2020

On January 7, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published its examination priorities for 2020 (Exam Priorities) for various regulated entities, including investment advisers. [2] OCIE announces its exam priorities annually to provide insights into the areas it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets. [3] The Exam Priorities can serve as a roadmap to assist advisers in assessing their policies, procedures and compliance programs; testing for and remediating any suspected deficiencies related to the Exam Priorities; and preparing for OCIE exams. Advisers are encouraged to review their current policies, procedures and client disclosures with these priorities in mind. Exempt reporting advisers (ERA) as well as registered investment advisers (RIA), are subject to SEC examination, although the SEC has indicated that it does not expect to examine ERAs on a routine basis.

The level of attention that the SEC’s Office of Compliance Inspections and Examinations has been giving to cybersecurity issues can hardly be overstated.

The new data security requirements provision of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into full force as of March 21, 2020, and all people and businesses, regardless of the state in which they reside, must comply with the new rules if they handle the private information of New York residents.

Cybercriminals are known to attack networks and individuals at inopportune times of crisis—and the coronavirus pandemic, unfortunately, presents just such an opportunity as millions are accessing corporate networks and databases from home. This past weekend New Jersey and Connecticut joined the growing list of jurisdictions (e.g., California, Delaware, Illinois, Louisiana, Ohio, and New York) to issue orders effectively requiring non-essential workers to avoid the workplace, and in some cases, to shelter-in-place.

Working remotely, whether short-term or permanent comes with many perks, but it also poses many new risks for the security of your organization’s data. For example, if an employee-owned device (laptop, PC, etc.) is connected to the company’s network and contains a virus or malware, they could be spread to your company’s network. Additionally, it becomes more of a challenge to verify the legitimacy of emails (for example, you’re no longer right down the hall from your CEO who requested an unusual wire transfer), you may be unfamiliar with policies and procedures as they pertain to a work from home environment, and the list goes on.