Health Care Settings Subject to New COVID-19 Requirements Issued by New Jersey and OSHA

Health care settings continue to be at the center of testing and treatment for COVID-19 and are the focus of new safety requirements implemented to minimize risks of transmission. Last month, Governor Murphy issued an Executive Order related to vaccination management, COVID-19 testing, and data collection, which mandates “covered health care and high-risk congregate settings” to establish a policy requiring “covered workers” to either submit proof of full vaccination or to submit to weekly COVD-19 testing. This requirement goes into effect on September 7, 2021.

In addition, the Occupational Health and Safety Administration (OSHA) has implemented an emergency temporary standard (ETS) applicable to certain health care settings, which includes extensive safety and health measures. The ETS provides for certain exceptions for coverage, and while the precise definitions are complicated and must be consulted, the focus appears to be on those settings where employees are interacting with patients who are suspected or confirmed for COVID-19. Unlike the Executive Order, the OSHA ETS does not include vaccine or testing requirements; however, certain New Jersey health care providers will be covered by both measures.

Which health care and high-risk congregate settings must comply with the Executive Order?

The scope of this Executive Order is quite broad and will impact most health care settings across New Jersey, both in terms of the covered health care settings and the covered workers to which the vaccine or testing requirements will apply.

The Executive Order defines “health care facility” extremely broadly as including:

acute, pediatric, inpatient rehabilitation, and psychiatric hospitals, including specialty hospitals, and ambulatory surgical centers; long-term care facilities; intermediate care facilities; residential detox, short-term, and long-term residential substance abuse disorder treatment facilities; clinic-based settings like ambulatory care [which would include all private medical offices], urgent care clinics, dialysis centers, Federally Qualified Health Centers, family planning sites, and Opioid Treatment Programs; community-based healthcare settings including Program of All-inclusive Care for the Elderly, pediatric and adult medical day care programs, and licensed home health agencies and registered health care service firms operating within the State.

High-risk congregate settings under the Executive Order include:

State and county correctional facilities; secure care facilities operated by the Juvenile Justice Commission; licensed community residences for individuals with intellectual and developmental disabilities (“IDD”) and traumatic brain injury (“TBI”); licensed community residences for adults with mental illness; and certified day programs for individuals with IDD and TBI.

“Covered workers” is defined to include full and part time employees and independent contractors, as well as individuals with operational, custodial and administrative support roles.

How to Comply and Penalties for Violations

Covered workers are not required to provide proof of having been fully vaccinated under the Executive Order, but those who do not submit proof of full vaccination must submit to COVID-19 testing one to two times per week. The settings covered by this Executive Order may choose to impose more frequent testing as well. A covered worker will not be considered fully vaccinated until two weeks have elapsed since receipt of the second dose of a two-dose series, or a single dose of a one-dose.

Acceptable proof of full vaccination includes: (1) CDC COVID-19 Vaccination Card; (2) Official record from the New Jersey Immunization Information System or other State immunization registry; (3) Record from a health care provider portal/medical record system on official letterhead signed by a physician, nurse practitioner, physician’s assistant, registered nurse or pharmacist; (4) Military immunization or health record from the U.S. Armed Forces; or (5) Docket® mobile phone application record or any state specific application that produces a digital health record. Records of such proofs must be maintained confidentially.

Those employees who do not submit proof of vaccination must submit to weekly testing, which can be either antigen or molecular tests with Emergency Use Authorization from the Food and Drug Administration or operating pursuant to the Laboratory Developed Test requirements by the U.S. Centers for Medicare and Medicaid Services. Covered settings may provide onsite COVID-19 tests, which can be either an antigen or molecular test. Covered settings must have a policy for tracking test results and are required to report results to the local public health department. However, in all other respects, vaccination and testing information must be kept confidential and separate from the employees’ personnel records.

The penalties for violations are stringent. Pursuant to N.J.S.A. 9:49, a violation may be considered a disorderly conduct offense, which can carry a penalty of a fine of up to $1,000 or 6 months imprisonment.

It should be noted that the requirements of the Executive Order with respect to screening and testing of unvaccinated workers do not override any requirement imposed by the covered setting regarding the testing and screening of symptomatic workers or vaccinated workers.

OSHA’s COVID-19 Emergency Temporary Standard (ETS) for Health Care Settings

Published on June 21, 2021[1] and in further effort to ensure the safety of health care workers, the OSHA ETS for health care and related industries provides that, unless an exception applies, in settings where employees provide health care services or health care support services, employers must develop and implement COVID-19 plans.

The analysis to determine whether an exception applies is complicated, and OSHA offers a flowchart to assist with this analysis. Among these exceptions are:

  • Private medical practices, where (i) the office is in a non-hospital setting, (ii) ALL non-employees are screened prior to entry, and (iii) anyone with suspected or confirmed COVID-19 is not permitted to enter the premises.
  • Well-defined hospital ambulatory care settings where all employees are fully vaccinated and all non-employees are screened prior to entry and people with suspected or confirmed COVID-19 are not permitted to enter those settings.
  • Home health care settings where all employees are fully vaccinated, all non-employees are screened prior to entry, and people with suspected or confirmed COVID-19 are not present.
  • Well-defined areas where there is no reasonable expectation that any person with suspected or confirmed COVID-19 will be present, the requirements in the ETS for personal protective equipment (PPE), physical distancing, and physical barriers do not apply to employees who are fully vaccinated.

For those covered health care settings with more than 10 employees, the COVID-19 plan must be in writing. It is not practicable to list every requirement in this alert without making it quite lengthy, but the following will highlight some of the notable plan requirements:

  • A designated safety coordinator who understands and is able to identify COVID-19 hazards in the workplace, is knowledgeable in infection control and has the authority to ensure compliance with the COVID-19 plan
  • A workplace hazard assessment (including involvement of non-managerial employees)
  • Policies and procedures to minimize the risk of transmission of COVID-19 to employees, which are extensive and include but are not limited to:
  • Limiting points of entry for patients and screening patients, clients and visitors at entry
  • Social distancing when indoors
  • Physical barriers between fixed work stations in non-patient areas
  • Cleaning and disinfecting surfaces and equipment in patient areas and in high touch areas at least once per day
  • Providing hand sanitizer with a minimum of 60% alcohol or easily accessible handwashing facilities
  • Providing Personal Protective Equipment (PPE) to employees with close contact exposure (within six feet in same room) to a person with suspected of confirmed COVID-19
  • Ensuring HVAC systems are used per manufacturer instructions and utilize Minimum Efficiency Reporting Value of 13 or higher if the system permits
  • Screening employees each workday/shift
  • Employees required to promptly notify employer of positive COVID-19 test, a suspected COVID-19 case or of COVID-19 symptoms

When an employee who has been physically present in the workplace tests positive, that employee must notify a designated employee within 24 hours

Employees should be trained on COVID-19 transmission and informed of their right not be retaliated against for exercising their rights under this ETS. Finally, health care settings with more than 10 employees must retain records of positive COVID-19 cases and all covered health care settings must report any COVID-19 fatalities and in-patient hospitalizations to OSHA.

ETS Requires Employers Pay Employees Forced to Quarantine or Isolate Under Defined Circumstances

Significantly, the ETS requires covered employers with ten or more employees to provide employees with substantial “medical removal protection benefits” if the employee must be removed from the workplace when the employer knows that the employee:

  1. Is COVID-19 positive, meaning that the employee was confirmed positive for or was diagnosed by a licensed health care provider with COVID-19;
  2. Has been told by a health care provider that they are suspected to have COVID-19;
  3. Is experiencing recent loss of taste and/or smell, with no other explanation; or is experiencing both fever (≥100.4° F) and new unexplained cough associated with shortness of breath; or
  4. Is required to be notified by the employer of close contact in the workplace to a person who is COVID-19 positive, UNLESS the employee has been fully vaccinated against COVID-19 (i.e., 2 weeks or more following the final dose), or had COVID-19 and recovered within the past 3 months, AND the employee does not experience the symptoms listed in item 3.

When an employee must quarantine or isolate under the aforementioned circumstances, medical removal benefits entitle the employee to regular pay the employee would have received had the employee not been absent from work, up to $1,400 per week until the employee is able to return to work. After three weeks of this leave, employers with 500 or less employees may reduce the benefits paid to two thirds of the employee’s regular rate of pay (up to $200 per day). If an employee removed from the workplace is too ill to work remotely, OSHA directs the employer to provide the employee with sick leave or other leave in accordance with the employer’s policies and applicable law. The employer’s payment obligation is reduced by the amount of compensation the employee receives from any other source, such as a publicly or employer-funded compensation program. Employers may also be entitled to an American Rescue Plan tax credit if they pay sick and family leave for qualified leave from April 1, 2021, through September 30, 2021. More information on the tax credit is available from the IRS.

Resources for Compliance

OSHA provides a lengthy COVID-19 plan template to assist health care providers, which may be customized for each workplace. There are additional resources available to health care providers including worksite checklists, sample employee screening questionnaires, an employee training presentation on the Health care ETS and a sample COVID-19 log. OSHA also offers an FAQ on the ETS standard.

Enforcement and Penalties

Violations of the OSHA ETS may carry a maximum penalty of $13,653 per serious violation or per day for failure to abate beyond the abatement date. Willful or repeated violations carry a penalty of $136,532 per violation. OSHA will use its discretion to determine whether an entity’s failure to comply with the ETS standard despite its best efforts warrants relaxation of the enforcement penalties. However, the agency expects that most employers should be able to achieve compliance within the stated deadlines. When addressing penalties for violations, the agency will also consider the size of the company and any past violations.

Takeaways

Health care settings continue to be at the frontline as we battle COVID-19. State and Federal guidelines and mandates are evolving, extremely complicated and can be difficult to navigate. As a threshold matter, it is critical to determine which measures apply to the health care setting. Compliance is critical to minimize the risks to patients and employees and to avoid penalties for non-compliance. Clear communication with employees is crucial to ensure that they are familiar with the requirements and expectations, as well as to understand the employer’s efforts to keep them safe.

[1] Covered health care employers must comply with all provisions in the ETS as of July 6, 2021  except those requirements related to ventilation, physical barriers, and training, which had a  compliance deadline of July 21, 2021

© Copyright 2021 Sills Cummis & Gross P.C.

Article By Jill Turner LeverStacy L. LandauPatricia M. Prezioso, and Charles H. Newman with Sills, Cummis & Gross PC.

For more COVID-19 updates, visit the NLR Healthcare Law section.

CDC Changes Masking Guidance for Fully Vaccinated Individuals

The Centers for Disease Control (CDC) announced on July 27, 2021 that it will adjust its advice to recommend that vaccinated people in substantial or high transmission areas of COVID-19 (defined below) wear masks in indoor public spaces. This guidance will substantially alter the CDC’s May 13 guidance that largely exempted fully vaccinated individuals from the indoor mask requirement. There has been no change in the outdoor masking recommendations at this time. In changing its masking recommendations, the CDC asserts that current scientific information indicates that the delta variant can be spread despite vaccine status, warranting an adjustment to its prior guidance.

Below is a summary of the updated guidance based on the media telebriefing:

  • In public indoor settings in areas of substantial or high transmission, all are to wear masks – including fully vaccinated individuals.
  • All individuals in K-12 schools must wear a mask, regardless of vaccination status, including teachers, staff, and visitors.
  • There should be a continuing effort to strongly encourage vaccination to reduce the spread of COVID-19, including the delta variant.
  • Community leaders should encourage universal masking and vaccination nationwide, regardless of whether or not in a substantial or high transmission area.

Despite the updated guidance, CDC Director Dr. Rochelle Walensky emphasized that wearing a mask is a “personal choice” and no “stigma” should attach to the decision whether or not to wear a mask. Moreover, Dr. Walensky acknowledged that the renewed indoor masking requirement would “weigh heavily” with individuals who are already fully vaccinated. The White House has not provided additional comment on the CDC guidance as of this writing.

The definition of a substantial or high transmission area is based on the CDC’s COVID-19 Data Tracker, which tracks the level of community transmission by county nationwide. Notably, the updated guidance does not apply to areas of moderate or low transmission.

While the CDC guidance is not mandatory, employers are advised to evaluate their workplace policies to determine the extent to which it may be prudent to alter workplace masking requirements. Additionally, states and cities are free to institute their own legally binding masking requirements, regardless of the CDC guidance. Employers are advised to closely monitor state and local developments. We also note that it is unclear what, if any, impact the CDC guidance will have on OSHA’s recent healthcare emergency temporary standard for healthcare employers or its enforcement of its safe workplace standards.


©2021 von Briesen & Roper, s.c

Article By John A. Rubin and Robert J. Simandl at von Briesen & Roper, s.c.

For more CDC COVID-related guidelines, see the National Law Review Coronavirus News section.

Should Virtual Depositions Survive the Pandemic? The Answer is Yes and No.

As the “new normal” of pandemic virtual legal proceedings appears to be waning, a question arises as to which, if any, practices initially born out of necessity, but no longer so, should continue to be utilized. One such device previously employed sparingly, but which became de rigueur during COVID, is the virtual deposition. In some but not all circumstances, virtual depositions can remain an effective tool for litigators.

The critical considerations in determining whether to continue using this mechanism will hinge on the purpose of the deposition and the stature of the particular witness. For example, if a deposition is being conducted for basic discovery purposes, i.e., understanding the broad strokes of a dispute, or determining generally what the opposing side knows or has, it might make sense to conduct it virtually. What may be obtained from such witnesses over video-link likely would not be enhanced by conducting the depositions in person. Moreover, the technical hiccups sometimes incidental to a video deposition, such as audio deficiencies and temporarily frozen screens, likely would not diminish the value of such “low-stakes” testimony.

But, if the purpose is to obtain testimony that will be presented to a trier of fact, there is no substitute for a live deposition. Like cross-examining an opponent’s witness during a trial, being in the same room to control that witness without the delay of a video feed or the interference of opposing counsel who may be present with the witness while you are not, makes a world of difference. Due to the unavailability of witnesses, cases may be won and lost during depositions. Consequently, it is important to treat these depositions as if you are eliciting trial testimony. Doing so live will give you the best chance at a successful examination.

A second important consideration is the stature of the witness. A virtual deposition would certainly be appropriate for a low ranking company employee with no ability to bind an organization, or a document custodian whose elicited testimony would likely be mechanical in nature. However, the deposition of a critical fact witness, high-ranking company official, or corporate designee most definitely should be conducted live, if possible. There simply is no substitute for looking a witness in the eyes during questioning to gauge their credibility, or obtaining a face-to-face assessment of their composure and demeanor. That type of evaluation is simply not possible over a video-link, particularly given the possibility of technical mishaps.

These considerations should not be viewed in a vacuum, of course. For more and more clients, a primary concern is legal cost containment. For those attorneys with national practices, being able to conduct the video deposition of a witness who resides on the other side of the country surely will provide significant cost savings for such a client. Similarly, a busy litigator’s life will be made easier by having the option of deposing a witness virtually, rather than committing to otherwise avoidable travel time.

Like most legal conundrums, the answer to this question is not clear-cut. But, having options like those outlined above to address the different types of witnesses and circumstances will increase the likelihood of eliciting valuable testimony.

©2021 Epstein Becker & Green, P.C. All rights reserved.

For more articles on depositions, visit the NLR Litigation / Trial Practice section.

Summer Is Here: International Vacation Travel During a Pandemic

International travel during the COVID-19 pandemic has been challenging, but conditions are finally improving. Many Americans are now vaccinated against COVID-19. The latest CDC reporting indicates 50.9% of the U.S. population has received at least one vaccine dose and more than 41% of the U.S. population has been fully vaccinated.

Many international destinations are planning for an uptick in tourism – including Europe. Unfortunately, there remains no consistency in the rules in effect across the pond. With Europe opening, many have been hoping since May that the United States will reciprocate and eliminate at least some of the COVID-19 international travel restrictions.

The EU Commission’s overall recommendation is that tourists from countries with low infection rates be allowed to enter if they are fully vaccinated with an EU-approved vaccine. This is reflected in some recent developments from European countries. For example:

  • Denmark has opened to EU/Schengen countries and plans to open to international tourists later in June.
  • France plans to use a “traffic light” system to determine which countries’ residents can visit and what restrictions will apply.
  • Malta is open fully to vaccinated travelers.
  • The UK plans to use a “traffic light” system that will determine “green-listed” countries, who will need to quarantine, and what testing will be required.
  • Portugal is open to EU/Schengen countries and the UK.
  • Italy is open to those from the UK, the EU, and Israel who are fully vaccinated.
  • The Netherlands is open to 15 low-risk countries.
  • Greece has been open to the EU, the United States, the UK, and Israel if the travelers are fully vaccinated or have a negative COVID-19 test.

In the meantime, the CDC has lowered travel restrictions for more than 100 countries. Further, especially due to upcoming international travel requirements, the United States is considering offering voluntary documentation that would allow U.S. residents to prove vaccination status. However, these vaccine “passports” have been controversial and a spokesperson from DHS noted that there will be “no federal vaccination database or a federal requirement for Americans to provide they’ve been vaccinated . . . . ” The status of these “passports” promises to be an evolving area, considering the privacy concerns that have been raised, such as in New York.

For now, everything is country by country and airline by airline – and everything is subject to change (make sure your airline tickets and hotel reservations are refundable!).

Those planning to travel need to make sure to check with the appropriate consulates before starting to plan.

Jackson Lewis P.C. © 2021

For more articles on international vacations, visit the NLR Immigration section.

 


A Return to Normal?

On Friday, May 28th, Governor Murphy will be lifting the State of New Jersey’s mask and social distancing mandate for mo2st businesses. That said, the most recent Executive Order makes clear that businesses can require mask use if they want and cannot stop people from wearing masks, if they so choose.

“Indoor public spaces” will no longer require masks or social distancing, HOWEVER, this does NOT include indoor worksites of employers that do not open their indoor spaces to the public for purposes of sale of goods, attendance at an event or activity, or provision of services. So in the typical closed office environment, individuals continue to be required to wear face coverings, subject only to exceptions that have previously existed, such as when employees are at distanced workstations or in their own offices, and shall continue to maintain six feet of distance from others to the maximum extent possible, except in the circumstances described therein. That said, if you have a business where customers are coming into the building to get products or services, mask use and social distancing will not be required by law. Additionally those who are not vaccinated are “strongly encouraged” to continue to wear a mask when indoors.

© 2021 Giordano, Halleran & Ciesla, P.C. All Rights Reserved


ARTICLE BY Jay S. Becker,  Jeri L. Abrams and

For more articles on COVID-19, visit the NLR Coronavirus News section.

Recent OSHA Update Targets Restaurant Industry

Occupational Safety and Health Administration (OSHA) has recently updated its COVID-19 response plan. Last year, OSHA focused much of its COVID-19 related attention on healthcare, elderly care, and prisons. This new Updated Interim Enforcement Response Plan for COVID-19 and National Emphasis Program — Coronavirus Disease 2019 (COVID-19) guidance shifts its focus to other industries where OSHA feels there could be spread of COVID-19. As part of the guidance, OSHA specifically targeted full-service and limited-service restaurants for inspections.

Restaurants should be prepared for on-site or virtual OSHA inspections. To prepare, restaurants should:

  • Ensure all OSHA recordkeeping (OSHA 300, 300A, and 301s) is in order and up to date.
  • Ensure any contact tracing for COVID-19 illness is properly documented.
  • Ensure a COVID-19 response plan is documented and in place-include relevant Federal, state and local guidance.
  • Ensure compliance with OSHA standards, specifically Personal Protective Equipment and Blood Borne Pathogens.
  • Ensure employees are trained on COVID-19 related hazards, reporting of COVID-19 symptoms, prevention of COVID-19, and document this training.
  • Ensure employees are trained that they will not be retaliated against for raising concerns regarding safety, specifically COVID-19 related safety.

Note that we are still waiting for OSHA’s Emergency Temporary Standard to be issued. OSHA has provided its proposed standard to the White House where it is currently being reviewed. Once that is issued, there will likely be more requirements for all industries with respect to COVID-19 related employee safety and health.

This article was written by Jane H. Heidingsfelder at Jones Walker law firm. For more information on OSHA guidance, please visit our Labor and Employment news page.

In-Person Client Meetings and COVID-19

A fellow attorney just circulated a poll to his friends asking, “Are you starting to meet with your clients in person?” If you are restarting in-person meetings with your clients, consider whether you are in a jurisdiction that mandates contact tracing and whether that conflicts with your duty to maintain a client’s confidential information confidential.

Every jurisdiction has adopted some form of ABA Model Rule 1.6, Confidentiality of Information. It provides in part that:

(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).

The mere fact that a person has consulted an attorney can be in itself confidential information. One obvious example is a famous celebrity visiting a divorce attorney.

The problematic situation arises if you learn that the client has COVID after an in-person meeting. Alternatively, what if you learn after the meeting that you have COVID? In jurisdictions that require contact tracing disclosure, or even for public policy and health considerations, you may need to disclose your client’s identity to contact tracing authorities. As an attorney, you should take a moment to learn the contact tracing and public health reporting laws in your jurisdiction. For example, right now, I understand that there is a tracing program in Massachusetts, but disclosure is voluntary, not legally required. This may change.

The easy answer to this dilemma is to discuss the issue before meeting a client in person. Model Rule 1.6 permits the disclosure of otherwise confidential client information with informed consent, so you should inform the client about contact tracing so the client can decide whether to meet in person or remotely.

The hard answer arises if you have not had this conversation. Absent informed consent from a client to disclose their identity to contract tracers, Model Rule 1.6 does permit – but does not require – disclosure to comply with a statutory requirement for contact tracing:

(b) A lawyer may reveal information relating to the representation of a client to the extent the lawyer reasonably believes necessary: . . . (6) to comply with other law or a court order . . .

While the ethical rules may permit you to comply with a statutory requirement to disclose your client’s identity in a COVID tracing situation, such a unilateral decision to make disclosure may not be good for your attorney-client business relationship.

In conclusion, you should seriously consider discussing the possibility of contact tracing disclosure obligations before meeting with a client in-person.

© 2021 SHERIN AND LODGEN LLP


For more articles on the legal industry, visit the NLR Law Office Management section.

Food & Food Packaging Is Unlikely to Spread COVID-19

The U.S. Food and Drug Administration (FDA) and Department of Agriculture (USDA) published a press release yesterday underscoring the international consensus that no credible evidence shows that food or food packaging is a source of viral transmission of SARS-CoV-2, the virus that causes COVID-19.

The press release highlights a September 2020 opinion from the International Commission on Microbiological Specifications for Foods that stated, “Despite the billions of meals and food packages handled since the beginning of the COVID-19 pandemic, to date there has not been any evidence that food, food packaging or food handling is a source or important transmission route for SARS-CoV-2 resulting in COVID-19.”  This consensus is consistent with literature reviews and research in other countries, and the fact that in the 100 million cases of COVID-19 worldwide, no epidemiological evidence suggests food or food packaging is a source of transmission to humans.

The U.S. Centers for Disease Control and Prevention (CDC) together with the U.S. Occupational Safety and Health Administration (OSHA) have provided guidance for food manufacturers to reduce the risk of spreading COVID-19 between workers. These guidelines complement the USDA and FDA food safety requirements that all U.S. food manufacturers must follow, such as the current Good Manufacturing Practices and preventative controls that focus on good hygiene practices and worker safety.

© 2020 Keller and Heckman LLP
For more, visit the NLR Biotech, Food, Drug section.

COVID-à manger: COVID-19 Takes a Bite out of French Lunch Traditions

The COVID-19 pandemic has changed dining habits across the world, as governments have shut down and restricted indoor and outdoor dining.  Even where restrictions have eased, many avoid sit-down dining out of concern for COVID-19 exposure and rely on take-away for their restaurant meals.  Clearly, the COVID-19 pandemic has limited dining options.

France, however, has decided to provide workers with a new, previously forbidden, dining option, although it remains to be seen how palatable it will be to French employees.  The Labor Ministry has decreed that to contain the spread of COVID-19, French workers now may eat lunch at their desks, which prior to the pandemic, Article R.4428-19 of the French Labor Code prohibited.

Gathering around a table for lunch with friends and colleagues has been long-standing French tradition, reflecting the country’s customs, habits and tastes.  The decree is intended to allow workers to return to the workplace and still limit the spread of COVID-19, by permitting them to lunch alone at their own workspace.  Until now, employers that allowed employees to eat lunch at their desks were subject to a fine, if caught, and employees who ate at their desks faced unspecified disciplinary action.

The French government has long been active in imposing regulations to prevent employers from exploiting their workers and in protecting workers’ rights, such as by imposing a 35-hour workweek, implementing the “right to disconnect” and mandating lunch hours.  Workers have become accustomed to dining out for lunch, and traditionally consider this time away from their work stations as an opportunity to refresh their bodies and minds prior to returning to work for the afternoon.  This simply is part of the French concept of maintaining a proper work-life balance.

While the French government continues to encourage remote work wherever possible, the new measure reflects the government’s effort to encourage businesses to reopen, where they can, with measures in place that will protect employees’ workplace health and safety.  Allowing workers to eat lunch at their desks offers workers and their employers a safer dining option, though arguably at the expense of traditional French cultural norms.  It is yet another example of how the COVID-19 pandemic has challenged, and changed, customary workplace standards.

©2020 Epstein Becker & Green, P.C. All rights reserved.


For more, visit the NLR Global law section.

IT Security Trends in the Era of COVID: Our Top Five Tips for Making Your Network Safer in 2021

As the COVID era drags on, it is clear that work life “post-COVID” may be very different from life “pre-COVID.” This is especially true as it relates to IT security. More and more employees have shifted to a telecommuting work model, and for many businesses that may be the case for an indefinite period of time. This raises important questions as to which security improvements or other changes IT departments need to make in 2021 to keep their businesses and client data safer from cyberattacks.

Here are five potential IT defense measures that your business can implement to protect your organization’s data as well as your clients’ data:

  1. Ensure your network only accepts connections through an encrypted Virtual Private Network (VPN). Preparing your network for long-term telecommuting connectivity and ensuring that your employees can only access your company’s network by using an encrypted VPN is an important first step. When properly configured, VPNs provide an encrypted “tunnel” between an employee and the company’s internal network (and back), which provides a secure connection as employees continue to remotely access their employers’ networks over the long haul.
  2. Invest in and enact mandatory multi-factor authentication techniques. Multi-factor authentication (MFA) involves validating the identity of a person and is critical to defending a network against many types of cyber threats, including phishing and credential stuffing attacks. MFA helps to protect against unauthorized network access even if an employee has had their account log-in credentials compromised. According to TechRepublic, the use of MFA increased by 18% in 2020. This also includes a 27% increase in the use of biometric data for security purposes. MFA has emerged as a key tool to combat the threat and expense of cyberattacks; as such, organizations of all sizes would be well served in making MFA implementation a top priority.
  3. Implement mandatory employee social awareness training. According to the 2019 Verizon Data Breach Investigations Report, approximately one-third of all cybersecurity breaches stemmed from phishing attacks, with that number rising to almost 80% in cyber espionage attacks. There is no better time to prepare your employees on how to recognize and avoid phishing attacks. One cost-effective measure to combat phishing attacks is to tag all emails originating outside the company as “external.” This creates more awareness and helps to prevent employees clicking on bad links or opening infected attachments that appear to come from fellow colleagues.
  4. Implement “layered” security for your network, also known as “Defense in Depth.” In addition to requiring a user to log in with solely their credentials, consider “layering” your network security by encompassing additional security measures such as MFA, password hashing and salting, biometric verification, application whitelisting and/or secure network logging and auditing. According to Help Net Security, in the second quarter of 2020, approximately 70% of all cyber-attacks involved “zero day” malware. This means 70% of all cyberattacks are using malware that does not yet have an anti-virus signature – a 12% increase from just the first quarter of 2020. To help defeat these “zero day” attacks, the more “layers” of network defense will work to strengthen a company’s ability to detect and prevent a developing cyberattack. Diversifying network defenses can pay dividends.
  5. Recognize and minimize the insider threat. “Insider” cyberattacks have increased by approximately 50% over the last two years. According to the Verizon Data Breach Report, over 30% of all reported cyberattacks and data breaches are directly attributable to company insiders. To alleviate this threat, it is critical to have your IT department identify and eliminate employee “privilege creep.” Insider attacks often stem from employees having excessive access and privileges to parts of the company network to which they do not need access. In short, it is critical to take the time to ensure that employees only have access to the data they actually need, and nothing more.

This list is by no means exhaustive, and there are certainly many other tactics, defenses and strategies companies can implement to protect their networks and data from external and internal cyber threats and attacks. Nevertheless, these “top five” recommendations are foundational to any type of network security improvements and should be considered as part of any upgrades for network cyber defenses in 2021.

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.


For more, visit the NLR Communications, Media & Internet section.