Category Archives: cyber scams

Guest Blog: 4 Ways To Keep Your Business Secure During The COVID-19 Pandemic

Cyber security concept businessman Lock on digital screen, contrast, virtual screen with a consultant doing presentation in the background Closed Padlock on digital, cyber security, key WannaCrypt

On Wednesday, March 11, 2020, the World Health Organization declared the outbreak of the coronavirus to be a pandemic. This is significant for several reasons. The first is that the way we interact has drastically, and must necessarily, change because of the contagiousness of the coronavirus and its effect on public health. Secondly, a public health scare such as this can adversely affect the health of a business’s cybersecurity and data privacy. Hackers and other cyber threat actors are capitalizing on the global concern over COVID-19. For example, Check Point researchers found that coronavirus-themed domains are over fifty (50) times more likely to be malicious than other domains and over 4,000 coronavirus-related domains have been registered since January 2020. In fact, a malicious website purporting to be the live map for COVID-19 global cases run by Johns Hopkins has been found to be circulating.

What does all of this mean? It means that your business, including your employees and clients, could be in danger if you don’t take precautionary measures to prevent the risk of a data breach.

How can small and mid-size businesses adapt quickly to ensure effective cybersecurity and data privacy protection right now? If your workforce has gone largely remote, you should focus your cybersecurity and data privacy efforts mainly on the following four areas most susceptible to a breach. This may help to mitigate the risk of a breach actually happening and limit any potential liability.

Below are four ways to keep your business safe from hackers and data breaches during this tumultuous time:

  1. Email Security
    • Make sure you and your staff know how to keep your email secure. Avoid opening emails, downloading attachments, or clicking on suspicious links sent from unknown or untrusted sources.
    • Verify unexpected attachments or links from people you know by contacting them through another method of communication like a phone call or text message.
    • Do not provide personal information to unknown sources like passwords, birthdates, and especially, social security numbers.
    • Be especially cognizant of emails with poor design, grammar, or spelling as this can be a sign of a phishing attempt.
  2. Password Protection and Multi-Factor Authentication
    • Use strong passwords on all of your accounts, and encourage your staff to do the same.
    • Avoid easy-to-guess words like names of pets, children, and spouses as well as common dates like birthdays.
  3. Web Safety
    • As noted above, there has been a massive influx of fake websites, whose creators are looking to take advantage of the fear surrounding the coronavirus.
    • Make sure that any websites that require the insertion of account credentials like usernames and passwords, along with those used to conduct financial transactions, are encrypted with a valid digital certificate to ensure your data is secure. Secure websites like these will typically have a green padlock located in the URL field and will begin with “https.”
    • While your workforce is working remotely, ensure that they are not using public computers and/or logging into public Wi-Fi connections to log into accounts and access sensitive information.
    • You may want to connect with an IT company or your in-house IT department to implement ad-blocking, script-blocking, and coin-blocking browser extensions to protect systems against malicious advertising attacks and scripts designed to launch malware.
    • Sign out of accounts and shut down computers and mobile devices when not in use.
  4. Device Maintenance 
    • Keep all hardware and software updated with the latest, patched version.
    • Run reputable antivirus or anti-malware applications on all devices and keep them updated with the latest version.
    • Create multiple, redundant backups of all critical and sensitive data and keep them stored off the network in the event of a ransomware infection or other destructive malware incident. This will allow you to recover lost files, if needed.

Lastly, if your business is not already protected by a cyber-insurance policy, now may be the time to consider obtaining coverage.

Small and mid-size businesses in the Delaware Valley should consider implementing the above cybersecurity and data privacy measures while adapting to a shifting health and security landscape in the wake of the coronavirus.

Stay safe, everyone!

ABOUT THE AUTHOR:

corporate attorney philadelphia law firm


Krishna A. Jani
 is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

Gone Phishing? Employees Sue Worldwide Manufacturer for Invasion of Privacy, Among Other Tort Claims

Talk about adding insult to injury! After Schletter Group, a worldwide manufacturer with headquarters in North Carolina, fell for a phishing scam when it sent its employees’ W-2 information in response to a phony email, it was sued by its employees for invasion of privacy and other tort claims.  The employees claimed the company ignored the risks identified in a 2015 FBI warning and a 2016 news article about the scam and did not take appropriate steps to protect its employees’ private data.  While the company initially offered credit monitoring services, the employees sought additional remedies, including monetary damages.  Although the company sought to dismiss the employees’ claims on the basis that the employer had no intent to make the disclosure, the company’s motion failed.  The court ruled, at least at the early stages, that the company’s arguments that it did not intentionally disclose its employees’ data were not enough to toss the suit out of court.  The court accepted the employees’ argument that this was a disclosure and not a breach and therefore, the element of intent was satisfied at the pleading stage.

Savvy employer takeaways: Encrypt employee data, place strict limits on who has the ability to disclose it, train employees on the risks of cyber scams, and pay attention to FBI and news media warnings.

For more information, including news, updates and links to important information pertaining to legal developments that affect businesses ranging from cyber security liability arising from electronically-stored information to evolving issues with employees, subscribe to my blog, or follow me on Twitter @AdamGersh.

%d bloggers like this: