November 30, 2020

Volume X, Number 335


A Phishing Pandemic – Part II

In part 1 of this blog, we highlighted the increase in phishing scams in light of the global COVID-19 pandemic. In this part 2, we discuss some practical tips that organisations can implement to mitigate the heightened risks of falling prey to such scams.

So, where to begin? You may have seen a recently published alert on the K&L Gates Hub: Responding to COVID-19 series, which provides high-level ideas and tips for organisations when implementing remote working procedures for their employees. In particular, organisations should consider implementing:

  • administrative controls, such as information classifications to reduce access to confidential information on a “need to know” basis only, and reviewing such controls and guidelines to address any security issues;
  • physical controls and procedures to prevent unauthorised access to systems, such as reminding employees that organisation information cannot be downloaded onto their personal devices or cloud services; and
  • technical controls, such as firewalls, antivirus software, intrusion detection and encryption protections. Oversight technologies, such as requiring two-factor authentication and using a Virtual Private Network, can provide additional security for the systems. Several quite severe breaches suffered by our clients could have been avoided just by activating two-factor authentication.

In addition to the controls identified above, organisations should specifically consider using internal security tools that access, log and monitor activities within the organisation’s network, including when data is accessed or exfiltrated externally from its networks. These tools include content filters, SIEM solutions, endpoint detection and response solutions, and honeytokens. Guarding the fenceline is one thing, but monitoring within is essential these days, when it only takes one mistake by an employee to expose your systems.

Importantly, the above controls mean little if human error steps in. As such, we strongly recommend that organisations remind their employees of simple procedures that they themselves can implement to protect themselves, and their employers, from phishing scams. These include being aware of online requests or phone calls for personal information, checking email addresses or links by hovering the mouse over the URL to determine where they lead, and watching out for spelling and grammatical mistakes and generic greetings, which are common attributes of phishing email scams.

 
Copyright 2020 K & L Gates. National Law Review, Volume X, Number 98
About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm
Partner

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurement issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market-leading solutions are implemented into their businesses. He concentrates on managing and negotiating complex technology solutions, which...

+61.3.9640.4261
Rob Pulham Corporate Attorney K&L Gates
Special Counsel

Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices...

61-3-9640-4414
Senior Attorney

Ms. Aggromito is a senior lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.

+61.3.9205.2027
Rebecca Gill Commercial Technology and Sourcing Lawyer Melbourne K&L Gates
Rebecca

Ms. Gill is a lawyer in our Corporate and Transactional team at the Melbourne office.

Primary Practice

Commercial Technology and Sourcing

Education

  • J.D., Melbourne School of Law University of Melbourne, 2018
  • B.A., University of Melbourne, 2014
  • Certificate I in Vocational Preparation, Australian Employment and Training Solutions, 2014
61.3.9205.2126