
Business advice: Covid-19 and teleworking – Are you and your employees on the same page?

9th April 2020
Jonathan V. Gallo - Attorney (Vandeventer Black LLP)

Cyber criminals are using the unprecedented increase in teleworking to launch attacks against businesses and their employees. This article by MSI's law member Vandeventer Black LLP discusses some recent threats and provides guidance for protecting your business.

Working at her home office, your employee receives an email with the subject line: “Urgent Request” from your company’s CFO informing her that a vendor wants to change their account information so an invoice can be paid as soon as possible.

Knowing businesses are trying to keep cash flow moving during the pandemic, your employee wants to respond quickly. But, remembering company policy, she calls the CFO to confirm. She quickly discovers that the email is fraudulent and avoids what could otherwise have been a bad situation.

Recent Threats

Social engineering attacks like the spear-phishing scenario described above are not new; however, hackers have recently begun using malware-infected coronavirus maps to lure victims. Taking advantage of the public’s desire for up-to-date information on the spread of COVID-19, hackers send out emails urging recipients to click on a link to a website or an interactive map that allows recipients to view real-time infection rate heat maps. Unfortunately, the interactive map, or the website itself, is pre-loaded with malware that is then downloaded to recipients’ computers.

Hackers are also registering domain names utilizing commonly searched words such as “pandemic,” “coronavirus,” or “COVID-19,” offering the latest COVID-19 information or an easy way to obtain federal assistance (e.g., “Click here to obtain your federal stimulus check”). When users click on a link, they are prompted to “register” and enter an email address, username, password, or other personal information, which is then collected, allowing hackers to run variations of those usernames and passwords to break into commonly accessed websites through “brute force” attacks.

Guidance for Businesses

  1. Review/update company information security, data breach response, business continuity, and disaster recovery plans/policies.
  2. Update data breach communication plans and inform employees who to contact in a suspected data breach or social engineering attack.
  3. Consider:
    • Prohibiting use of personal email accounts for company business;
    • Prohibiting storage of company information on personal devices or personal cloud accounts and requiring encryption of devices and media;
    • Prohibiting use of social media accounts to conduct company business;
    • Addressing appropriate use of video conference platforms and maintaining business confidentiality;
    • Prohibiting use of unsecured wireless networks and requiring use of Virtual Private Networks (VPN);
    • Requiring securing of home networks and personal devices;
    • Prohibiting use of work computers for personal business;
    • Requiring out-of-band confirmation, such as by telephone, before account information is changed or wire transfers are conducted;
    • Use of strong passwords and use of multi-factor authentication; and
    • Safeguarding company issued devices and media.
  4. Conduct refresher training on policies and procedures for reporting and responding to data breaches and the latest threats.
  5. Install the latest security patches to protect against vulnerabilities to company systems.


About Vandeventer Black LLP - Norfolk

Headquartered in Norfolk, we are a dynamic business and litigation law firm established in 1883. We focus on responsiveness and results while providing internationally recognized services across a wide variety of legal sectors.
