On Wednesday, March 11, 2020, the World Health Organization declared the outbreak of the coronavirus to be a pandemic. This is significant for several reasons. The first is that the way we interact has drastically, and must necessarily, change because of the contagiousness of the coronavirus and its effect on public health. Secondly, a public health scare such as this can adversely affect the health of a business’s cybersecurity and data privacy. Hackers and other cyber threat actors are capitalizing on the global concern over COVID-19. For example, Check Point researchers found that coronavirus-themed domains are over fifty (50) times more likely to be malicious than other domains and over 4,000 coronavirus-related domains have been registered since January 2020. In fact, a malicious website purporting to be the live map for COVID-19 global cases run by Johns Hopkins has been found to be circulating.
What does all of this mean? It means that your business, including your employees and clients, could be in danger if you don’t take precautionary measures to prevent the risk of a data breach.
How can small and mid-size businesses adapt quickly to ensure effective cybersecurity and data privacy protection right now? If your workforce has gone largely remote, you should focus your cybersecurity and data privacy efforts mainly on the following four areas most susceptible to a breach. This may help to mitigate the risk of a breach actually happening and limit any potential liability.
Below are four ways to keep your business safe from hackers and data breaches during this tumultuous time:
- Email Security
- Make sure you and your staff know how to keep your email secure. Avoid opening emails, downloading attachments, or clicking on suspicious links sent from unknown or untrusted sources.
- Verify unexpected attachments or links from people you know by contacting them through another method of communication like a phone call or text message.
- Do not provide personal information to unknown sources like passwords, birthdates, and especially, social security numbers.
- Be especially cognizant of emails with poor design, grammar, or spelling as this can be a sign of a phishing attempt.
- Password Protection and Multi-Factor Authentication
- Use strong passwords on all of your accounts, and encourage your staff to do the same.
- Avoid easy-to-guess words like names of pets, children, and spouses as well as common dates like birthdays.
- Web Safety
- As noted above, there has been a massive influx of fake websites, whose creators are looking to take advantage of the fear surrounding the coronavirus.
- Make sure that any websites that require the insertion of account credentials like usernames and passwords, along with those used to conduct financial transactions, are encrypted with a valid digital certificate to ensure your data is secure. Secure websites like these will typically have a green padlock located in the URL field and will begin with “https.”
- While your workforce is working remotely, ensure that they are not using public computers and/or logging into public Wi-Fi connections to log into accounts and access sensitive information.
- You may want to connect with an IT company or your in-house IT department to implement ad-blocking, script-blocking, and coin-blocking browser extensions to protect systems against malicious advertising attacks and scripts designed to launch malware.
- Sign out of accounts and shut down computers and mobile devices when not in use.
- Device Maintenance
- Keep all hardware and software updated with the latest, patched version.
- Run reputable antivirus or anti-malware applications on all devices and keep them updated with the latest version.
- Create multiple, redundant backups of all critical and sensitive data and keep them stored off the network in the event of a ransomware infection or other destructive malware incident. This will allow you to recover lost files, if needed.
Lastly, if your business is not already protected by a cyber-insurance policy, now may be the time to consider obtaining coverage.
Small and mid-size businesses in the Delaware Valley should consider implementing the above cybersecurity and data privacy measures while adapting to a shifting health and security landscape in the wake of the coronavirus.
Stay safe, everyone!
ABOUT THE AUTHOR:
Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or firstname.lastname@example.org.