Seyfarth Synopsis: As individuals and businesses continue to focus on the rising number of confirmed Coronavirus cases throughout the world and what steps they can take to guard against infection, malicious actors are exploiting those very same fears for their own profit. A dramatic increase in the number of employees working from home coupled with overworked business and commercial IT staff has resulted in a higher likelihood that security best practices may be forgotten or disregarded entirely.

A number of recent examples are discussed below:

1. Phishing

While the U.S. Treasury[1] has issued a relatively simplistic notice warning of an increase in phishing communications with instruction to simply disregard them, the FCC[2] has provided a number of recordings of phishing attempts related to obtaining a complimentary COVID-19 testing kit and scheduling HVAC cleaning to protect against the spread of COVID-19.

Other phishing attempts seen in recent weeks involve the threat actor posing as members of the Center for Disease Control and Prevention or the World Health Organization in an attempt to legitimize their scams.  A common tactic is for these scammers to register malicious domain names (cdc-gov.org and cdcgov.org) that are similar to valid domains (cdc.gov) in order to confuse already worried recipients.
Continue Reading

In this unprecedented time, businesses are, more than ever, implementing and rapidly rolling out programs for remote or at-home work by employees. The quick changes in local and state governmental “shelter in place” instructions and Public Heath directives have placed significant strains on remote networks and caused local shortages of laptop computers at office supply and electronic stores across the country.

With this unexpected increase in remote workers, many companies are pushing the limits of their existing remote access technology, or deploying ad hoc technology and access solutions as quickly as possible. Some of those companies are not taking the time to consider potential information security, privacy, and other compliance ramifications for those same remote workers.

It is entirely appropriate and necessary for companies to adapt their technology and work networks are utilized to the greatest degree possible to remain in operation and serve business and customer needs. But as always, data security and privacy should always be part of the equation.

Below are some essential things to know about the security risks posed by remote or at-home worker, and a Technical Checklist for Remote employees to make sure your corporate data is safe, and you do not risk compliance challenges with data privacy law and requirements.
Continue Reading