Category Archives: Data Breaches – What Businesses Need to Know

Guest Blog: 4 Ways To Keep Your Business Secure During The COVID-19 Pandemic

On Wednesday, March 11, 2020, the World Health Organization declared the outbreak of the coronavirus to be a pandemic. This is significant for several reasons. The first is that the way we interact has drastically, and must necessarily, change because of the contagiousness of the coronavirus and its effect on public health. Secondly, a public health scare such as this can adversely affect the health of a business’s cybersecurity and data privacy. Hackers and other cyber threat actors are capitalizing on the global concern over COVID-19. For example, Check Point researchers found that coronavirus-themed domains are over fifty (50) times more likely to be malicious than other domains and over 4,000 coronavirus-related domains have been registered since January 2020. In fact, a malicious website purporting to be the live map for COVID-19 global cases run by Johns Hopkins has been found to be circulating.

What does all of this mean? It means that your business, including your employees and clients, could be in danger if you don’t take precautionary measures to prevent the risk of a data breach.

How can small and mid-size businesses adapt quickly to ensure effective cybersecurity and data privacy protection right now? If your workforce has gone largely remote, you should focus your cybersecurity and data privacy efforts mainly on the following four areas most susceptible to a breach. This may help to mitigate the risk of a breach actually happening and limit any potential liability.

Below are four ways to keep your business safe from hackers and data breaches during this tumultuous time:

  1. Email Security
    • Make sure you and your staff know how to keep your email secure. Avoid opening emails, downloading attachments, or clicking on suspicious links sent from unknown or untrusted sources.
    • Verify unexpected attachments or links from people you know by contacting them through another method of communication like a phone call or text message.
    • Do not provide personal information like passwords, birthdates, and especially social security numbers to unknown sources.
    • Be especially cognizant of emails with poor design, grammar, or spelling as this can be a sign of a phishing attempt.
  2. Password Protection and Multi-Factor Authentication
    • Use strong passwords on all of your accounts, and encourage your staff to do the same.
    • Avoid easy-to-guess words like names of pets, children, and spouses as well as common dates like birthdays.
  3. Web Safety
    • As noted above, there has been a massive influx of fake websites, whose creators are looking to take advantage of the fear surrounding the coronavirus.
    • Make sure that any websites that require the insertion of account credentials like usernames and passwords, along with those used to conduct financial transactions, are encrypted with a valid digital certificate to ensure your data is secure. Secure websites like these will typically have a green padlock located in the URL field and will begin with “https.”
    • While your workforce is working remotely, ensure that they are not using public computers and/or public Wi-Fi connections to log into accounts and access sensitive information.
    • You may want to connect with an IT company or your in-house IT department to implement ad-blocking, script-blocking, and coin-blocking browser extensions to protect systems against malicious advertising attacks and scripts designed to launch malware.
    • Sign out of accounts and shut down computers and mobile devices when not in use.
  4. Device Maintenance 
    • Keep all hardware and software updated with the latest, patched version.
    • Run reputable antivirus or anti-malware applications on all devices and keep them updated with the latest version.
    • Create multiple, redundant backups of all critical and sensitive data and keep them stored off the network in the event of a ransomware infection or other destructive malware incident. This will allow you to recover lost files, if needed.

Lastly, if your business is not already protected by a cyber-insurance policy, now may be the time to consider obtaining coverage.

Small and mid-size businesses in the Delaware Valley should consider implementing the above cybersecurity and data privacy measures while adapting to a shifting health and security landscape in the wake of the coronavirus.

Stay safe, everyone!

ABOUT THE AUTHOR:


Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

The hacker in the henhouse

“How do we begin to covet? We begin by coveting what we see every day.”

― Dr. Hannibal Lecter in The Silence of the Lambs

Are you worried about your company’s, employees’ and/or customers’ data being hacked by sophisticated criminals or cyber activists from China, Russia, North Korea, or other far-off lands? Does the idea of losing your business’s hard-earned credibility and trust with the stroke of a key or two keep you up at night? You are not alone. An enterprising TV network could get high ratings with a late, late show catering to the business owners, senior management, and general counsel who are restless with thoughts of the class action lawsuits that are hitting Target, Home Depot, Sony, Anthem and others. But, while you have to be ever vigilant to protect your business from the type of all-out assault that is grabbing headlines, you can’t afford to overlook the threat lurking in the next office.

Did you know a recent study found the most likely threat to information security is not the overseas hacktivist, virus or worm, but rather the malicious or careless corporate insider? That’s right, employees caused more data breaches than any other source, 39% of reported breaches according to recent research. Note, I said “reported” breaches, which does not include the breaches employers do not discover or the ones they do not report. All this means it is a matter of when your data will be compromised, not if. Worse yet, when the breach is caused by a defecting employee, the information stolen can be the most crucial to your business’s success and the most harmful to its reputation.

On the one hand, employers who are the victim of malicious data breaches by employees or other insiders have a web of state and federal protections (and, hopefully, contractual rights) to help make them whole, but, on the other hand, the reality of the “unknown unknowns” and costs of recovery virtually assure that winning a lawsuit still means losing, at least, a little. If your employee steals important data to establish a new business, you may well have the legal means to put a stop to it, but you may not be able to recover the customers you lost (or the revenue from the future customers those customers would have sent your way) or succeed in collecting a monetary judgment from a former employee who invested all of his assets into his start-up that is sputtering under the weight of litigation.

Breathe deeply. This blog post isn’t a horror show or an existential meditation on futility. Rather, there are key practical steps businesses should take to guard against this growing threat from within, which include:

  • Binding employees to contracts that tightly limit access to and use of key information and provide for strong remedies in the event of breach;
  • Storing only the electronic data needed to run your business and securely archiving data that is not needed on a routine basis or that is merely held for contingencies (hackers can’t take what they can’t access);
  • Tightly limiting employee access to data on a need-to-know basis so that the entire organization does not have access to it (does your east coast sales manager really need access to the west coast’s prospect list?);
  • Using the latest cyber tools to protect from infiltration and detect potential hacks;
  • Enforcing security protocols and controls, including requiring regular updating of passwords;
  • Locking in protections and allocating the risk with agreements with vendors who are given access to data;
  • Establishing appropriate insurance coverage;
  • Developing a data breach plan to designate a crisis response team and identify a process for addressing the breach in hours, not days; and
  • Working with counsel to understand the scope of your liability and how to mitigate it in anticipation of a possible breach.

In sum, the ways in which the information age allows data collection and access that drives efficiency in business are the same ways it creates vulnerabilities. Employers cannot afford to overlook the likelihood of a data breach from within. By anticipating it and planning for it, employers can mitigate their damages.

Questions? Let me know.
