Forum Admin

Darius K. Davenport's practice focuses on data privacy laws and regulations, helping clients mitigate cyber risk, and dealing with the legal and practical problems resulting from cyber incidents. His counsel to businesses and municipalities includes drafting and review of incident response plans, cybersecurity employee policies, technology contracts and conducting cybersecurity and breach response exercises. Come join him as he discusses data security practices to use while teleworking.

Darius will be available on Friday, June 5th at 1 PM to provide answers, so check back in to hear his thoughts. 

Quote 1 0
Amy Jordan ajordan
Good afternoon, Darius.  Thank you so much for joining us today and we appreciate you providing your expertise.  With teleworking now becoming commonplace, cybersecurity and data protection is such an important topic to our business community.
Quote 2 0
Darius Davenport Darius Davenport
Good afternoon, Amy.  I appreciate the invitation to join you on the form this afternoon. 
Quote 1 0
Amy Jordan ajordan
For many companies, the biggest obstacle will not be the technology; it will be the ability to recognize that these short-term disruptions are here for the long-term, if not actually permanent. Would you agree this is true? Should businesses be putting the time and effort in now to be better equipped for our long-term restructured workplace?
Quote 1 0
Darius Davenport Darius Davenport

We are potentially facing an extended disruption to what we traditionally would consider “business as usual.”  I think businesses should be seriously considering what the office of the future will look like and what the technology needs will be that will allow a seamless transition from a traditional to a remote business operation.  It’s not just COVID-19 that we need to be concerned about.  In an area, like the 757, where the severity of storms has increased over the past few years, having a resilient business means we need to consider how we can stay open even when we don’t have access to our office space.  Another thing that I hope business and local government have realized is that we need a broadband infrastructure to support remote operations.  Businesses can invest in all of the latest devices, but they are no good if we can’t connect them to the internet.

Quote 2 0
Amy Jordan ajordan
If employees are working at home using their personal computers, should organizations advise their employees to divide their home Wi-Fi networks into different accounts? Keeping one secure login for business use and one for personal use?
Quote 1 0
Darius Davenport Darius Davenport

Yes!  You should segregate work networking from home computing.  Many wireless routers allow you to set up multiple Wi-Fi lanes, like guest networks.  Use a separate secure Wi-Fi lane for work purposes that’s separate from your personal web traffic.

Quote 2 0
Alisa Crider acrider
Hi Darius! Thanks for your insight on this important, relevant topic! I have a question from something I read...
Kevin Mitnick, famed hacker turned cybersecurity consultant, explained that the human factor of information security is the point most vulnerability. In your estimation, how much more relevant is Mitnick’s point in a teleworking environment, and how can business best address the issue?
Quote 1 0
Darius Davenport Darius Davenport

Hi Alisa.Training employees is critical.  Roughly 25% of data incidents are caused by employees.  That 25% is the percentage of the pie that employers have some influence over because we can’t stop hackers from trying to breach our systems.  That is why training employees to identify and respond to data incidents is critical.  Also, developing an incident response plan or updating your incident response plan to accommodate remote operations is important.  Your plan outlines the appropriate response and lines of responsibility.  Those roles and responsibilities may have changed while operating remotely.  You should seek counsel regarding developing policies and plans or updating them in response to new remote working conditions. 

Quote 2 0
Amy Jordan ajordan
Darius, are Wireless Protected Setup (WPS) and Universal Plug and Play (UPnP) sufficient on home Wi-Fi networks to secure business information? How do you suggest home Wi-Fi best be secured for business purposes?
Quote 1 0
Darius Davenport Darius Davenport
Here are a few tips for securing your home network for business.
  1. Change the default name of your home Wi-Fi

Change the SSID (service set identifier).  The default is usually the manufactures name.  Hackers can use that information to research how to compromise that brand of router.

  1. Use strong wireless network passwords

Most wireless routers come pre-set with default weak passwords.  Many of these passwords have been exposed by manufacturer data incidents.  If a hacker knows the manufacture, the password then becomes easier to guess.  Make your passwords are unique, at least 20 characters long and include numbers, letters, and various symbols. Passphrases are even better.

  1. Enabling network encryption

Most wireless routers come with an encryption feature that is turned off. Turn it on to help secure your network.

  1. Segregate work networking from home computing

Many wireless routers allow you to set up multiple Wi-Fi lanes, like guest networks.  Use a separate secure Wi-Fi lane for work purposes that’s separate from your personal web traffic.

  1. Keep your router’s software up to date

Check for the latest software available for your router and download the latest security patches to enhance your network security.  Updates traditionally patch vulnerabilities that hackers can exploit.

  1. Make sure you have a good firewall

If your wireless router has a built-in firewall, turn it on.  Also utilize the firewalls in the security software that you purchase or that is integrated into your operating system.

Quote 3 0
Alisa Crider acrider
Darius, just being candid here, why is a lawyer addressing what some may think more of a question for an Information Technology expert?
Quote 0 0
Darius Davenport Darius Davenport

Cybersecurity is not just and IT issue.  It’s a business resilience issue with legal implications.  For example, a judge recently ruled that the data forensics investigation report from the Capital One data breach had to be turned over to the plaintiffs in a data breach lawsuit because IT initiated the investigation and not Capital Ones cybersecurity counsel.  That investigation report list everything that Capital One may have done wrong and now its heading to the opposition.  Also, attorneys are instrumental in drafting incident response plans that manage a data incident.  Finally, determining if a data breach actually occurred is also a legal question based on Virginia’s data breach laws.  So, attorneys are an integral part of cybersecurity.   Cybersecurity is a team sport as it takes coordination between IT, legal and most importantly business management. 

Quote 1 0
Steve Harrison Steve
Darius, thank you so much for taking the time to join the forum!  Could you explain the term "cybersecurity hygiene" that you referenced in your blog?  I love that idea but would love a few more details.  Thank you!
Quote 1 0
Darius Davenport Darius Davenport

Great question Steve.  In general hygiene is defined at the practices conducive to maintaining health and preventing disease.  The same is true regarding cybersecurity.  The goal of cybersecurity is to maintain the health of our IT networks and to prevent malware infections.

Quote 0 0
Amy Jordan ajordan
Darius, I recently saw a survey that reported as much as 77% of remote employees are using unmanaged BYOD devices to access corporate systems. With many parents and families working from home, there seems to be an increase in the use of BYOD for both business and pleasure. Children in some instances are needing to use parents devises to complete digital learning if the school system has not provided the technology. Online shopping needs have also increased during this time. What do you recommend to businesses to make sure their employees are using the devices safely especially in the instance of a personal home computer?
Quote 0 0
Darius Davenport Darius Davenport

Businesses should consider providing employees devices that are outfitted for business security and that can be managed remotely for employees to use when they are out of the office.  This is the cleanest solution.  Employee personal devices create an unknown when it comes to security and users.  If employees must use personal devices, employees should agree to security basics like complex password usage, employer device management and restricting use of the device.  This can be challenging because the employee owns the device and not the business.

Quote 0 0
Amy Jordan ajordan
In addition to providing technology, have you seen an increase in companies offering a technology budget to its employees to provide for the proper tools?
Quote 0 0
Darius Davenport Darius Davenport

I think what we will likely see is businesses that have been resistant to offering technology budgets becoming more open to the idea of offing employees that incentive.  Such incentives could be a good way to encourage employees to be more secure since employers are investing in the employees devices.

Quote 1 0
Amy Jordan ajordan
Darius, You had mentioned earlier on in the conversation the need for local infrastructure to support regional broadband. Should the business community support this effort and what might be some ways they could do so?
Quote 0 0
Jonathan Holman JZHolman
Good afternoon Darius. Great to have you on the form this week. How can employees best mitigate potential liability and litigation risk with handling sensitive company data from home? And should employers release a statement advising employees of such risk?
Quote 0 0
Darius Davenport Darius Davenport

 

The business community should definitely support regional broadband efforts.  Regional broadband will give us the speed and bandwidth to operate remotely.  It would allow us to attract the businesses of the future to our area and diversify our economy.  It would allow us to educate all of our children to include those in remote communities.  (They are the workforce of the future.)  It would allow our educational institutions to develop their research capabilities like never before, once again expanding and diversifying business opportunities.  Business leaders should let their elected official know that they support broadband as the infrastructure of the future.

Quote 1 0
Darius Davenport Darius Davenport
Good afternoon Darius. Great to have you on the form this week. How can employees best mitigate potential liability and litigation risk with handling sensitive company data from home? And should employers release a statement advising employees of such risk?
  

Good afternoon.  Employers should develop a host of policies that collectively address the issue of handling sensitive data at home.  In the interest of time I will just name a few.  First, email encryption policies.  Sending an email is like sending a post card through the mail.  Sensitive emails should be encrypted.  Next, data storage polices are important.  Early data breaches involved the simple loss of hard drives or laptop computers that contained sensitive data.  Also, there may be some things that just need to handle from a more secure location than home.  Policies can also address that as well.    

Quote 1 0
Amy Jordan ajordan
What challenges are there with companies relying on cloud storage for files and data management?
Quote 0 0
Darius Davenport Darius Davenport

I think secure cloud storage and operating platforms have been the key to continuity of operations for many organizations.  For example, our firm made a pretty seamless transition from the office to home due to our utilization of secure cloud based platforms.  I think the challenge for businesses is to make sure that they thoroughly vet cloud vendor’s security.  Many are just selling services and security is secondary. 

Quote 1 0
Amy Jordan ajordan
Darius, thank you so much for your time today. As we are getting near the end of our time, I did want to ask you about the cybersecurity webinar you recently hosted. Were there any good takeaways or is the webinar available for follow-up viewing?
Quote 0 0
Darius Davenport Darius Davenport

Amy thanks for asking about the webinar.  The topic of cybersecurity for businesses is broad.  This webinar focused more on teleworking and video conferencing policies that businesses need to consider.  Additionally I was joined by my friend Troy McCollum from Layer9. He discussed what business need from an IT perspective.  The complete webinar is available for replay at the following link: https://app.livestorm.co/crenshaw-ware-martin-plc

Quote 1 0
Amy Jordan ajordan
Darius, we really appreciate you joining us today and I look forward to taking a look at the other business resources Crenshaw Ware & Martin has to offer!
Quote 0 0
Darius Davenport Darius Davenport

 

Thanks for having me!

Quote 2 0