By Thomas M. Bona.
The COVID-19 pandemic has changed the way society lives and conducts business. The rapid and unprecedented shift to remote working has opened businesses to new dangers and liabilities. One of the most pressing of these dangers is the increased risk of cyber attack. The Federal Bureau of Investigation has called attention to an increase in cyber-crime activity, targeting overburdened information technology systems and vulnerable work from home remote setups. Further, the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has published a formal alert that cyber-criminals are targeting individuals and businesses through email and phishing scams. These phishing emails contain false updates and information regarding COVID-19 that an employee may open, exposing the system to risk.
In addition to phishing scams, employees working remotely may log in using less secure hardware and software than an office setting provides, which may provide an easier pathway for cyber-criminals to enter a system. Employers should also be aware that with a majority of employees logging in remotely, it is easier for a cyber-criminal or “hacker” to blend in and secretly access systems. This leaves not only employer data at risk of being stolen, but sensitive client data as well.
No business is immune to this increased risk of cyber attack, and high profile organizations have already suffered as a result of cyber-crime. One such example is the cyber attack on a medical facility tasked with working on a COVID-19 vaccine, leading to the publication of sensitive patient data.
Businesses should plan a response to possible cyber attacks and consider the difficulty in coordinating countermeasures when information technology teams are also working remotely. Further, instruction and training should be given to employees to avoid phishing scams that may install malware. Employees should be instructed to not open emails from accounts outside of the organization that contain keywords or “lures” such as COVID-19 or coronavirus.
Employers must review applicable insurance, and ensure that cyber insurance policies or clauses exist that protect the employer from any possible data breach and the liability that results. Cyber insurance policies may protect business from cyber attack under business interruption or loss of business clauses, if said cyber attack results in a halting of office duties. Additionally, these policies may be construed to defend against third-party claims brought after a cyber attack that exposes sensitive client data. In conclusion, vigilance and preparation is key to avoiding cybersecurity risk and liability.
Should you have any questions, please call our office at (914) 703-6300 or contact:
Jeffrey T. Miller, Executive Partner