This document provides an overview and discussion of cybersecurity issues related to working from home during the COVID-19 pandemic. It discusses securing home networks and devices, protecting proprietary company information, training employees on cybersecurity best practices, and common cyber threats such as phishing scams taking advantage of coronavirus fears. Resources from government agencies and organizations are also included to help secure remote work environments and defend against cyberattacks.

1. Navigating COVID-19
Issues: Cyber Security
Basics for the Work
From Home Economy
Presented by the Internet and Privacy
Law Standing Committee of the
Business Law Section and the Antitrust,
UCL and Privacy Committee

2. MODERATORS
Bennet Kelley
Founder
Internet Law Center
Vice Chair
Internet & Privacy Law
Committee, Business Law Section
@InternetLawCent
Full Bio in
Appendix
Brett Cook
US Privacy Manager,
Wells Fargo
Antitrust, UCL and Privacy
Committee

3. OUR PANELISTS
Terence Goggin
Specialist Leader, Risk &
Financial Advisory, Federal
Cybersecurity Practice
Deloite
Marcus Morissette
Senior Privacy &
Cybersecurity Advisor
Fenwick & West
Stan Stahl, Ph.D
President
SecureTheVillage
@stanstahl
Full Bio in
Appendix

4. MARCH 19, 2020 – CALIFORNIA ISSUES
SHELTER IN PLACE ORDER
The California State Public Health Officer and Director of the California
Department of Public Health is ordering all individuals living in the State
of California to stay home or at their place of residence, except as
needed to maintain continuity of operation of the federal critical infrastructure
sectors, critical government services, schools, childcare, and construction,
including housing construction.
 In 2018, approximately 1.1 million Californians worked from home (six percent of the work force).
 While some businesses had work from home policies and procedures in place, the rest are about to
become . . .

5. “An entrepreneur is
someone who will jump
off a cliff and assemble an
airplane on the way
down.”
-- Reid Hoffman
Founder, LinkedIn

6. EMPLOYMENT LAW CONSIDERATIONS
 New Hires/ I-9
 Tracking hours and breaks
 Safety issues
 Telecommuting Expenses
 Insurance
 WFH v Working Remotely
 Friday Donuts
Photo by Court Cook on Unsplash
NOT
COVERED
HERE

7. SECURING THE HOME OFFICE
Part 1: Securing the Network
 Ensure all devices used have
 Properly configured firewalls
 Up-to-date Anti-malware, intrusion prevention software
 Complex Passwords
 Ensure software used is properly licensed
 Secure devices and services with multi-factor authentication
 Use of Virtual Private Networks
 Interplay with Home IoT Devices
 IT Log monitoring
Photo by Paul
Hanaoka on Unsplash

8. SECURING THE HOME OFFICE
Part 2 – Securing Proprietary Information
 Company v Employee Devices
 Employer Monitoring
 Tracking Hours Worked
(Important for Wage/Hour Issues)
 Tracking Downloads and Emails
 Encryption
 Data Backup
 Account Settings and Access

9. Sony hack relied upon low-tech spear-phishing
emails. Employees are the weak link in
cybersecurity defense.
• Avoid clicking on links in unsolicited emails
and be wary of email attachments.
• Do not reveal personal or financial
information in emails, and do not respond to
email solicitations for this information.
SECURING THE HOME OFFICE
Part 3 – Employee Training

10. CORONAVIRUS
SCAMS
• “Public Health” Scams
• Government Check
Scams
• Business Email Scams
• I.T. Scams
• Supply Scams
• Robocall Scams
• Data Scams

11. CORONAVIRUS CYBER THREATS
• Italy Saw Significant Spike in Cyber Attacks
• Remote User Credential Theft
• Malicious Log in Events
• Fake Coronavirus Websites/ Maps
• Phishing Attacks Using Coronavirus Themes
• Fake Phone Apps
• Coronavirus Themed Domains
• Ransomware Attacks on Medical Institutions

12. CORONAVIRUS INFORMATION WEBSITES
Center for Disease Control and
Prevention
https://www.cdc.gov/coronavirus/2019-
ncov/index.html
@CDCgov
California Dep’t of Public Health
https://www.cdph.ca.gov/Programs/CID/
DCDC/Pages/Immunization/ncov2019.as
px
@CAPublicHealth
World Health Organization
https://www.who.int/emergencies/disease
s/novel-coronavirus-2019
@WHO

13. APPENDIX 1
SPEAKER BIOS

14. BRETT COOK – Wells Fargo
Brett joined the US Navy Judge Advocate General’s (JAG) Corps in 2005. He served as Associate
General Counsel & Senior Privacy Counsel for US Naval bases in the European Union, the Bureau of
Navy Medicine and Surgery, and the Navy’s Expeditionary Operations Command. Subsequently, he
was selected to manage the Navy’s data protection enforcement and Freedom of Information Act
compliance programs.
Brett served as General Counsel & Chief Privacy Officer for an Aircraft Carrier Strike Group, which
manages forward-operating surface vessels, aviation units, and intelligence collection operations; and
the Naval Intelligence Forces Reserve, which oversees Cryptology, Intel, and IT communities across
134 global organizations. He has extensive experience operationalizing regulations, developing
foundational compliance policies, conducting privacy impact assessments and training programs.
Currently, Brett is a US Privacy Manager for Wells Fargo and continues to serve as a US Navy JAG
Corps Reserve Officer.

15. TERENCE GOGGIN - Deloitte
Terence Goggin is a consultant and entrepreneur with deep expertise in all aspects of
offensive and defensive cyber operations. He is the founder of PocketMac, a
groundbreaking Macintosh software company, which he built into a business
generating revenues of more than $2M per year. He has held a variety of
cybersecurity and leadership roles at the US Department of Defense. In his current
role, he advises government and private organizations on matters of cybersecurity
and risk management.

16. BENNET KELLEY – Internet Law Center
Bennet founded the Internet Law Center in 2007 after working in-house with technology, e-commerce, and internet
advertising companies such as ETM Entertainment Network, Network Commerce and ValueClick for nearly a decade. He
has been named as among the nation's top internet lawyers by several publications including the Los Angeles Business
Journal which named him one of the Most Influential Lawyers in Digital Media and E-Commerce.
In 2019, Bennet was one of a handful of lawyers, academics, prosecutors, law enforcement and judicial personnel invited to
work with the Department of Justice on addressing ways to combat technologically enabled harassment.
In 2012, he was selected by the U.S. Department of Commerce to be part of the U.S. delegation and present on e-
commerce law at the 17th U.S.-China Legal Exchange. The prior year he was part of a delegation of a dozen North
American internet experts who met with leading Chinese netizens to promote greater freedom within China.
Bennet was also the creator and host of Cyber Law and Business Report which aired on WebmasterRadio.fm from 2011-
2019 and was nominated for a Los Angeles Press Club award.
Bennet is a past Co-Chair (and current Vice Chair) of the California Lawyers' Association's Internet and Privacy Law
Committee where he led the effort to develop a primer on cyberspace law for state policymakers. He also led the
Technology, Internet and Privacy subcommittee of CLA's Intellectual Property Section from 2016-2019.

17. MARCUS MORISSETTE – Fenwick & West
Marcus Morissette is a Senior Privacy and Cybersecurity Advisor at Fenwick & West.
Marcus has experience leading successful privacy teams through the design and implementation of global privacy and data
governance programs, ensuring compliance with domestic and GDPR regulations. Prior to joining Fenwick, Marcus worked
with eBay, first as the Head of Privacy for eBay Marketplaces, and then as eBay Inc.’s Chief Privacy Officer, leading all
global privacy operations for the company and its associated entities. Marcus also has a seasoned background as an
attorney and corporate counsel to various technology companies where he managed regulatory and compliance matters
including privacy assessments, data security audits, and reduced risk exposure efforts. He has experience completing data
mapping and data inventories of large and complex data environments. He has significant practical information security
experience, having been a certified information security professional, PCI qualified security assessor, and certified
information systems auditor. Marcus also serves as an officer and lawyer in the US Navy Reserve Judge Advocate
General Corps, and holds an active government security clearance.
Marcus received his J.D. from the University of Idaho College of Law. He received his B.A. in Economics from the
University of Maryland.
Marcus is a Fellow of Information Privacy (FIP), Certified Privacy Professional US (CIPP/US), Certified Information Privacy
Technologist (CIPT) and a Certified Information Privacy Manager (CIPM), Certified Information Systems Security
Professional (CISSP). He is licensed to practice law in Washington State.

18. STAN STAHL, Ph.D. - SecureTheVillage
Dr. Stan Stahl is founder and President of SecureTheVillage, a non-profit providing executives the knowledge and relationships they need to
meet today’s cyber crime, cyber privacy and information security challenges.
Stan is also co-founder and President of Citadel Information Group, an information security management services firm recently acquired by
Top-100 CPA firm, Miller Kaplan. The firm delivers Information Peace of Mind ® to business and the not-for-profit community.
Stan serves on the California Cybersecurity Task Force; the Industry Advisory Board of the Information Technology Program at the Viterbi
School of Engineering at USC; the Advisory Board of UCLA Extension’s Emergency Management & Homeland Security and Enterprise Risk
Management Programs; and the Board of Directors of the Content Delivery & Security Association.
A pioneer in the field of information security, Stan began his career securing teleconferencing at the White House, databases inside Cheyenne
Mountain and the communications network controlling our nuclear weapons arsenal. Stan received his Ph.D. degree in mathematics from The
University of Michigan. A frequent speaker on cybersecurity, Stan is regularly quoted in the media on cybercrime, cyber privacy and information
security.
Dr. Stahl earned his Ph.D. in mathematics from The University of Michigan and spent nearly 15 years teaching university mathematics. Once an
active researcher, Dr. Stahl has published more than a dozen papers in advanced mathematics and computer science. He has taught courses
in information security, software engineering, project management and computer programming at several universities and colleges. He recently
served on the faculty at the University of Southern California in the School of Engineering’s Information Technology Program.

19. APPENDIX 2
RESOURCES

21. CYBERSECURITY RESOURCES - 1
Department of Commerce
National Institute of Standards and Technology
• Telework Security Basics
• Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
• User’s Guide to Telework and Bring Your Own Device (BYOD) Security
• Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions
Department of Homeland Security
Cybersecurity and Infrastructure Security Agency
• Risk Management for Novel Coronavirus (COVID-19)
• Alert (AA20-073A): Enterprise VPN Security
• Security Tip (ST04-014): Avoiding Social Engineering and Phishing Attacks

22. CYBERSECURITY RESOURCES - 2
Federal Trade Commission
• Online security tips for working from home
•
• Cybersecurity For Small Business
Center for Internet Security
• CIS Controls Telework and Small Office Network Security Guide
Electronic Frontier Foundation
• Phishing in the Time of COVID-19: How to Recognize Malicious Coronavirus Phishing Scams
Stay Safe Online
• COVID-19 Security Resource Library

23. CORONAVIRUS SCAM RESOURCES
Department of Homeland Security
Cybersecurity and Infrastructure Security Agency
• Defending Against COVID-19 Cyber Scams
Federal Trade Commission
• Coronavirus: Scammers follow the headlines|
• FTC: Coronavirus scams, Part 2
• Seven Coronavirus scams targeting your business
• Scammers are taking advantage of fears surrounding the Coronavirus
Better Business Bureau
• BBB tips on COVID-19 (coronavirus)