LAW ELEVATED — Working remotely during COVID-19: Data security risks

By Explorer -

With more employees working remotely during the COVID-19 pandemic come increased data security risks. Phishing emails are the leading cause of business data breaches, and according to Google, scammers are sending 18 million hoax emails about COVID-19 to Gmail users every day. So far, we have seen the following phishing emails specific to the COVID-19 pandemic:

  • To sign up for COVID-19 vaccine testing;
  • To invest in stock of a COVID-19 vaccine or ventilator equipment;
  • To buy COVID-19 home test kits (there are no FDA-approved home kits);
  • To buy products to treat COVID-19 (there are no products proven to treat COVID-19); 
  • To donate to a charity relating to COVID-19;
  • To receive government checks from the recent federal Coronavirus Response Act.

These phishing emails often ask you to click a link and provide debit/credit card numbers or bank account information. Hackers will use this information to steal from your financial accounts or sell your credit card information on the Dark Web. It is rarely a good idea to click on email links to provide financial account information. If you think an email is from a financial institution with whom you do business, go directly to that financial institution’s website to log in. 

If a charity emails asking for a donation, separately go to that charity’s website to donate online. If an email asks you to click on a link to download a new app, go to the app store to download the app. The Federal Trade Commission is a good resource for common scams and data breaches and for reporting phishing scams. 

Some of the same phishing emails we have seen before are making come-back appearances.  Often hackers imitate Microsoft requesting users to enter their usernames and passwords for an urgent purpose or to change passwords. This is often a scam to get your work credentials to hack into a business network. Separately email your business’s IT helpdesk to inquire about Microsoft updates that may be legitimate.  If you receive an email from someone in your business asking you to click on a link or provide your username and password, call or email separately that person to make sure the request is legitimate. 

The FBI has also warned about these increased risks of phishing schemes relating to the COVID-19 pandemic. The FBI gave several examples of recent COVID-19 phishing schemes, which typically impersonate vendors asking for payment outside the normal course of business due to COVID-19.

The FBI advises of the following red flags:

  • Unexplained urgency
  • Last minute changes in wire instructions or recipient account information
  • Last minute changes in established communication platforms or email account addresses
  • Communications only in email and refusal to communicate via telephone or online voice or video platforms
  • Requests for advanced payment of services when not previously required
  • Requests from employees to change direct deposit information

The FBI also recommends the following tips:

  • Be skeptical of last-minute changes in wiring instructions or recipient account information.
  • Verify any changes and information via the contact on file – do not contact the vendor through the number provided in the email.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.

If you are a victim of a fraudulent scheme, contact your financial institution immediately. You should also file a complaint with the FBI’s Internet Crime Complaint Center.

Businesses should continue to regularly train employees on phishing emails, particularly now that new COVID-19 phishing emails are becoming more common. Train employees to help them know what to look for in phishing emails. Remember to look for spelling errors or grammatical errors in suspicious emails. Many criminally indicted hackers have come from foreign countries and lack English skills. Also, look for misspellings in email addresses purporting to come from someone in your business. Often email addresses are misspelled by one letter that is hard to catch unless you look closely. 

Businesses should implement multi-factor authentication given the increase in employees working remotely. Remote access to a business network remains a common data breach risk. Multi-factor authentication has become the gold standard to prevent remote access breaches.

If businesses have not yet invested in a cyber insurance policy, now is the time. Talk with your insurance broker for information about cyber insurance policies. Businesses who have a cyber policy should check in with their broker to make sure it still provides sufficient coverage. Specifically inquire about coverage relating to phishing email data breaches. Cyber policies are more common and less expensive than a few years ago. As the saying goes, an ounce of prevention is worth a pound of cure.

» MELODY McANALLY, an attorney with Butler Snow, focuses her practice on data privacy and security and commercial litigation. She is a co-team leader of the firm’s data security and privacy team, and advises clients on data security protection, data breach response and cyber-risk management.


Comments

Post a Comment

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

By Explorer -
Image
Massive public protests taking place in Hong Kong over the past week are aimed at a new extradition law, known as the Fugitive Offenders Ordinance , that would see accused criminals extradited to mainland China to face prosecution. Hongkongers feel the law could be used to legalise the kidnapping of people who express views, and act in ways, that are not popular with the Chinese government . The same law could also be used to extradite tourists and visitors to China who are arrested on suspicion of having committed these crimes. Protesters want the bill scrapped. For now, debate of the legislation has been postponed . Organisers say one million people turned out for the protests, while police estimate the number was around 240,000. Either way, it was a significant number of Hong Kong’s 7.5 million population. Commentators on Twitter remarked on how well organised the protesters were. So, how did they do it? Protesters across the world are using n
Read more

Former FARC guerrilla, Colombian cop pose naked together to promote peace deal

By -
Image
There are very few There are very few countries in the world where the advancement of peace talks to end a decades old civil conflict leads two gorgeous women to strip naked and canoodle for a sexy magazine shoot. Israel and Palestine? Don't think so. North and South Korea? Wouldn't bet on it. Ukraine? Possibly, but not likely. Colombia, however... absolutely! With major breakthroughs occurring in the long-running peace talks between the Colombian government and the Marxist Revolutionary Armed Forces of Colombia (FARC) guerrilla group, a former member of Colombia's version of the FBI and a former guerrilla decided to give peace – and nude modelling – a chance. That's how Isabel Londono, a former member of Colombia's now defunct national intelligence agency DAS, ending up wearing a skimpy black bra and panties as a nude Ana Pacheco, an ex-FARC guerrilla, nestles up next to her for the cover shot of Soho, a Colombian men's magazine. "We have never gotten into
Read more

‘Not Hospital, Al-Shifa is Hamas Hideout & HQ in Gaza’: Israel Releases ‘Terrorists’ Confessions’ | Exclusive

By Explorer -
 According to a video of interrogation of "Hamas terrorists" released by Israel Security Agency Shin Bet, accessed exclusively by News18, "The Shifa hospital has been made with many considerations as Hamas knew that medical places won’t be attacked by the enemy. Equipment, explosives and other material has been kept there." Hamas is using hospitals in Gaza as covers and have turned them into ammunition depots, according to a video of interrogation of “Hamas terrorists" released by  Israel Security Agency  Shin Bet, accessed exclusively by News18. ALSO READ | Israel-Hamas War LIVE Updates  HERE The Israeli military has claimed that those featuring in the video released on Saturday are Hamas terrorists, who participated in the  October 7 attack  on Israel. “Most of the tunnels are hidden in hospitals. There are multiple underground levels. Al-Shifa Hospital is not small, it is a big place that can be used to hide things," a man is seen saying. “The Al-Shifa
Read more