The Centers for Disease Control and Prevention (CDC) reports that it is "responding to an outbreak of respiratory disease caused by a novel (new) coronavirus that was first detected in China and which has now been detected in 60 locations internationally, including in the United States." While early steps are being taken to protect health and mitigate the spread of disease, cybercriminals have already taken advantage of public anxiety. A Washington State agency reports a phishing campaign in which the cybercriminals impersonate the CDC, "warning of new infections and promising to provide a list of active infections in the surrounding area if users click on a link." Clicking the link leads to the download of malware, with potential compromise of the device and associated workplace systems. The agency suggests that employers remind staff of anti-phishing protocol. These include exercising caution before opening emails from unknown parties, confirming the identity of senders via phone and not opening unexpected links or attachments.
Regardless of how COVID-19 progresses, companies should consider similar, common-sense measures to ready their cybersecurity preparedness for potential disruption. For example:
By taking these steps to protect technology, companies may reduce the risk of loss that may otherwise accompany temporary disruptions like COVID-19 may prove to be.
DISCLAIMER: Please note that the situation surrounding COVID-19 is evolving and that the subject matter discussed in these publications may change on a daily basis. Please contact the author or your responsible Holland & Knight lawyer for timely advice.
Please note that email communications to the firm through this website do not create an attorney-client relationship between you and the firm. Do not send any privileged or confidential information to the firm through this website. Click "accept" below to confirm that you have read and understand this notice.