September 29, 2020

Volume X, Number 273

September 28, 2020

Subscribe to Latest Legal News and Analysis

COVID-19 & Cybersecurity – Maintaining Vigilance During the Pandemic

For many businesses throughout Wisconsin, employees have been working remotely for weeks and IT Departments have been working long hours to ensure that employees can continue to work remotely, with minimal disruption and with secure connections. Many people are dealing with issues while working at home by constantly toggling back and forth between work and the real-time updates about the spread of the coronavirus and its impact on what they can and cannot do for the foreseeable future. In short, people may not be thinking of best cybersecurity practices and hygiene. They should be. If not, this difficult work environment may become even more challenging and the ability to work remotely could be severely compromised, as well as the security of the sensitive information networks maintain.

It is within these unique working circumstances that hackers and cybercriminals continue to see great opportunity. They will exploit whatever toehold they can gain in a business computer network. Coronavirus-themed phishing and email-spoofing attacks continue to rise dramatically. Hackers are hoping distracted workers will more readily open otherwise suspicious email, click on malicious links or attachments related to COVID-19 updates on new infections, deaths, curves and cures – or new sources of funding available to employers and employees affected by the pandemic, such as benefits under the recently passed Coronavirus Aid, Relief and Economic Security (“CARES”) Act. Distracted employees may not think twice before acting in response to such emails and, in doing so, unwittingly allow unauthorized persons into their networks.

The FBI urges vigilance during the COVID-19 pandemic and has set up fbi.gov/coronavirus to help Americans track the various scams that have emerged that seek to exploit opportunities the pandemic and our unique working environments have created. Following are a few specific examples of current threats.

Government Agency Scams
In recent weeks the FBI reports that cyber actors have engaged in phishing campaigns against first responders, launched distributed denial-of-service (“DDoS”) attacks against government agencies, and created fake COVID-19 websites that quietly download malware to victim devices. Based on recent trends, the FBI assesses these same groups will target businesses and individuals working from home via telework software vulnerabilities, education technology platforms, and new Business Email Compromise schemes.

Business and Consumer Scams
The FCC is tracking COVID-19 consumer scams, fcc.gov/covid-scams, including text scams impersonating government agencies. The FCC recently learned of a text scam claiming to be from the “FCC Financial Care Center” and offering $30,000 in COVID-19 relief. There is no FCC program to provide relief funds. The text is likely a phishing attempt to get banking or other personal information from victims. The Better Business Bureau is also warning of a text message scam impersonating the U.S. Department of Health and Human Services informing recipients that they must take a “mandatory online COVID-19 test” using the included link.

With this backdrop in mind, it is important to remember a few fundamentals to minimize cybersecurity risk now and in the weeks ahead as stay-at-home guidelines remain in effect:

  • Alert your users that coronavirus-themed phishing campaigns and email-spoofing attacks have spiked dramatically. Users may be encouraged, for example, to click on a Centers for Disease Control (“CDC”) or World Health Organization (“WHO”) URL but, if they do, they may be redirected to a phishing site from which cybercriminals may obtain Outlook usernames and passwords from unsuspecting users. Simply don’t click it if it looks suspicious.

  • Mandate, if possible, that workers use company-owned computers and sign into virtual private networks (“VPNs”). Remind employees that policies regarding the proper use of company technology are still in effect and enforceable while they are working remotely.

  • To ensure that your internet-based meetings are private, utilize available features to set a password for the meeting, only distributing the password to intended participants, and not posting the password in a public forum.

  • Monitor and review access logs for detection of unusual activity.

  • Remind your employees not to use public wifi and to routinely change their password on their home wifi.

  • Enable Multi-Factor Authentication whenever possible.

  • Limit your users’ rights and permissions with the principle of “need-to-know.”

  • Scrutinize and question third-party software or telework vendors to ensure that critical security controls are not compromised by new software. In particular, the FBI reports that malicious cyber actors may use legitimate-looking telework software—which may be offered for free or at a reduced price—to gain access to sensitive data or eavesdrop on conversations; in addition, cyber actors may also use phishing links or malicious mobile applications that appear to come from legitimate telework software vendors.

  • Be careful about COVID-19 stimulus check scams. Checks will be sent via U.S. Mail and you should not give anyone your bank account information or accept a fee for expedited payment, etc. Also, email and SMS text scams are heating up that claim you must pay a fine for leaving your house and directs people to pay the fine via a “government” website with a ‘.US’ extension. Official U.S. Government websites all end with “.GOV”.

Most importantly, have an incident-response plan in place in the unfortunate event your network’s cybersecurity is breached. This plan should include contact information of insurers (ideally, your policy already covers breaches but it will also require that notice of a breach must be timely given) and outside counsel who can coordinate a rapid investigation and response (such as coordinating with forensic investigators) to mitigate the damage of any data breach.

Together, we can all flatten the curve of these COVID-19 scams.

©2020 von Briesen & Roper, s.cNational Law Review, Volume X, Number 107

TRENDING LEGAL ANALYSIS


About this Author

Andrew Phillips, von Briesen Roper Law Firm, Milwaukee, Litigation Law Attorney

Andy Phillips has dedicated his career to assisting local governments, school districts and businesses with their most challenging legal problems. Andy brings innovative solutions to the organizational, operational and personnel problems facing local governments and has been a leader in creating consortiums efficiently in areas such as Medicaid programming, human services and long term care. Andy serves as General Counsel for the Wisconsin Counties Association, a position which he has held for the past decade. 

Andy is also an experienced...

414-287-1570
Bob Simandl, Von Briesen Law Firm, Waukesha, Labor and Employment Law Attorney

Bob Simandl is a Shareholder with over 30 years of experience advising clients on a wide range of employee benefit, labor and employment law issues. This experience enables Bob to advise clients on human resources (HR) law issues taking into consideration all areas of opportunity and vulnerability, including the litigation of HR law-based claims. He has extensive experience in advising employers in employee benefit plan design, issues associated with ill and injured workers, labor negotiations, and multi-employer health and welfare plan and pension plan vulnerability and compliance.

(262) 923-8651
Jeffrey E. Mark, von Briesen Roper Law Firm, Milwaukee, Healthcare Law Attorney

Jeff Mark is a member of both the Health Care Practice Group and the Business Practice Group. Jeff advises hospitals, multi-institutional health care systems, physician groups and specialty providers regarding a variety of transactional health care related matters including affiliations, acquisitions and divestitures; fraud and abuse; Stark; physician agreements; and equipment and office space leasing arrangements.

Jeff also advises individuals, corporations, and partnerships regarding general corporate transactional matters...

414-287-1514
Robert A. Mathers, Von Briesen Law Firm, Oshkosh and Madison, Corporate and Tax Law Attorney

Bob Mathers is a Shareholder and Chair of the Tax Section at von Briesen. Bob also is the firm’s Business Practice Group Leader. 

Bob provides legal and business advisory services to Midwest businesses and their owners with a focus on closely-held businesses, estate planning and private wealth services. He is a Certified Public Accountant and is AICPA Accredited in Business Valuation (ABV) and is an AICPA Personal Financial Specialist (PFS). He leverages his prior experience as one of the country’s largest CPA firm’s National Tax Director, and...

920-232-4855
James Wawrzyn, von Briesen Roper Law Firm, Milwaukee and Waukesha, Corporate and Healhcare Law Attorney

James Wawrzyn counsels clients on commercial contract negotiation, mergers and acquisitions, supply-chain alternatives, and general corporate matters. James collaborates with clients to identify and implement their priorities. For each project, James has a results-oriented approach. He continuously engages the stakeholders to recognize and actively address obstacles to finalizing priority items.

James is skilled in the preparation and negotiation of technology-based agreements such as master services, development and licensing...

414-287-1476