As corporations and even entire municipalities are increasingly advising their employees to work from home in light of COVID-19, it is important to remember that doing so it not without its risks.

For any organization that has information to protect be it is customer or employee personally identifying information, financial information, or confidential and proprietary trade secrets permitting company data to travel home with or be remotely accessed by employees raises the chances of a cyber incident involving that data. And, where a “cyber-mishap” occurs, the company may have a duty to report the incident to consumers, regulators and business counterparties.

Put simply, cyber criminals are not expected to take a “corona-holiday.” In fact, some might even prey on vulnerabilities created by the situation. Fortunately, there still is time to address the potential privacy and data security risks and to develop clear guidance for employees to follow. These policies should be tailed to each company’s specific risk profile and communicated clearly to all employees.