Posted In: Cybersecurity & Data Privacy
By Craig S. Horbus & Nicole M. Thorn on March 27, 2020
By now, most of us are working from home during our state orders to stay home. While we live in a time when the IoT (Internet of Things) gives us remote access through just about every possible device, we must stay vigilant. Just because we can does not always mean we should… or at least we should be thinking before we jump in remotely.
Cyber criminals use situations such as the COVID-19 pandemic as an opportunity to lure remote workers into tasks they would not otherwise do. As business networks and infrastructures get pressed in times like these, remote workers are often required to find workarounds or other ways to conduct business and keep moving forward. Those requests may not seem that unusual, such as a request from a purported vendor, charity, the CDC or other government regulator asking for confidential information, wire transfers and other data that they are not authorized to obtain.
Specifically, the FTC is cautioning consumers to be extra wary of emails, texts, and social media posts used to obtain personal information, prompts for donating to victims, fake information about COVID cases reported in your neighborhood and more.
We have posted technology scam tips in our previous posts (see March 4 “Corporate TIPS Blog: Smishing - A New Cyber Threat in Text Messages”; see March 12 “Cybersecurity Alert: COVID-19 & Cybersecurity”), but as a reminder, keep the following tips in mind especially when working remotely from home:
- Be Wary of Personal Email Addresses to Your Work Account. Especially now, cyber criminals can spoof the email box name to make it look like a legitimate email from a colleague’s personal account. Hover over the sender’s email address to see what it actually is and verify it before taking any action.
- Don’t Click on Links in An Email. Most of our inboxes are currently flooded with COVID-19 updates, information, and news. Many with links to websites with more information. Be more cautious than usual before clicking on those links. Unless you are expecting something from a colleague or other business contact, don’t click on embedded links in an email. Even if you do, do not enter any information on that page/site when you land there. Most vendors post legitimate communications, requests, etc. on their websites. Go directly to the source either by checking the website directly or by calling the numbers you have on their documents or other communications.
- Keep Your Home Network Secure. Most of us are using our home internet to access our work products and systems. Make sure your home devices and wifi/internet are secure. Use passwords that are not easily guessed. Turn off your computers when you’re not using them. Ensure you have anti-virus, anti-malware software installed. Consider mandating firewalls for all remote employees.
- Consider More Secure Policies for Wire Transfers. If you and/or your business use wire transfers, consider an updated policy that builds in extra security measures when sending or receiving funds. Our normal routines have been interrupted and while we work hard to keep moving forward, we may be inadvertently overlooking a critical step that has a chance to substantially impact our businesses or customers because we are working from an unusual setting.
We are living in an unprecedented time and thanks to technology, many businesses are able to continue their operations in allowing their employees to work remotely. But don’t let the intuitive nature of technology compromise your business’s security. Stay vigilant and use your IT resources to ensure data protection.
How Brouse Can Help
Brouse McDowell’s Cybersecurity team provides guidance and legal advice for data breaches. We also provide proactive solutions for companies to defend against cyber-attacks and events. We offer legal services related to data privacy and cybersecurity, including pre-breach and cybersecurity planning services, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2022 Brouse McDowell. All rights reserved.