Certainly, the panic around COVID-19 will have cyber criminals licking their lips as more and more employees work from outside their usual office environment. Some IT environments are designed to cope with that kind of scenario, are very
secure, with two-stage authentication including passwords that require change regularly, encryption and 24/7 monitoring.
But that is not the norm. Where your service providers are handling your sensitive information, it is certainly prudent to check
whether that information is secure both within that service provider’s ordinary environment but particularly where people are accessing and processing your information remotely. With IT structures facing unexpected pressure, your enquiries should also include the backup arrangements employed by the service provider.
Where you are the service provider, it is selfevident that you must comply with your contractual obligations. Moreover when
handling electronic information (especially personal information) and communicating electronically, you must act reasonably.
Allowing external access to your systems without sufficient security by employees working from home is probably not what a
reasonable business person would do and that could create an opportunity for cyber criminals. Where you act unreasonably and third parties suffer a loss as a result, you will be exposed to claims for damages.